Infected with trojan bc.miner


This topic is locked.
27 replies to this topic

#1 cassette

  • Members
  • 18 posts

Posted 25 September 2012 - 04:33 PM

Hi everyone, I'm running Windows 7 64-bit on my PC and have tried to remove Trojan Dropper Bcminer, but it returns on restart. I've had a look at other threads on this topic, so I have run DDS and have pasted the Malwarebytes and DDS logs below. I'd really appreciate any help you can offer with this, thank you very much.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421


25/09/2012 22:26:44
mbam-log-2012-09-25 (22-26-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198917
Time elapsed: 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Emily at 22:12:37 on 2012-09-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.6394 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\system32\WLANExt.exe
C:\windows\Explorer.EXE
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Users\Emily\AppData\Local\Temp\ToolbarUpdater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = gamezona.org
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Emily\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Emily\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{C64C982B-910B-48B1-A01A-8B212C879C90} : DhcpNameServer = 89.101.160.4 89.101.160.5
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\x58mi82o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.ie
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\npAppUp.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R1 aswKbd;aswKbd;C:\windows\system32\drivers\aswKbd.sys --> C:\windows\system32\drivers\aswKbd.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 655944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TolbarUpdater;Toolbar Updater;C:\Users\Emily\AppData\Local\Temp\ToolbarUpdater.exe [2012-9-13 508416]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-15 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SPUVCbv;SPUVCb Driver Service;C:\windows\system32\Drivers\usbvideo.sys --> C:\windows\system32\Drivers\usbvideo.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-15 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-5 1153368]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-15 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-25 20:21:33 -------- d-----w- C:\Program Files (x86)\The Chronicles of Emerland Solitaire
2012-09-25 20:09:52 -------- d-----w- C:\Users\Emily\AppData\Roaming\Rainbow
2012-09-25 11:38:54 -------- d-----w- C:\Users\Emily\AppData\Roaming\realore_whiterra_adelantado_beta
2012-09-25 11:38:40 -------- d-----w- C:\windows\Adelantado
2012-09-25 11:38:40 -------- d-----w- C:\Program Files (x86)\Adelantado
2012-09-25 11:37:25 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-09-25 11:36:37 -------- d-----w- C:\Users\Emily\AppData\Roaming\realore_whiterra_adelantado_ru
2012-09-25 11:36:31 -------- d-----w- C:\Program Files (x86)\Realore Studio
2012-09-25 11:25:37 -------- d-----w- C:\Program Files (x86)\The Great Unknown - Houdini's Castle CE
2012-09-21 17:00:41 -------- d-----w- C:\Users\Emily\AppData\Roaming\Top Evidence
2012-09-21 17:00:41 -------- d-----w- C:\ProgramData\Top Evidence
2012-09-21 12:01:53 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{982012C1-FB95-41EB-BA27-27A67ADF1884}\mpengine.dll
2012-09-19 19:12:16 -------- d-----w- C:\windows\SysWow64\2030
2012-09-19 16:01:16 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-18 16:30:37 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-18 16:30:37 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-18 16:30:32 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-18 16:30:32 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-18 16:30:31 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-18 16:30:31 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-18 16:30:30 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-18 12:11:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-18 11:51:35 -------- d-----w- C:\Users\Emily\AppData\Roaming\Inertia Game Studios
2012-09-13 11:57:40 -------- d-----w- C:\Program Files (x86)\Boutique Boulevard
2012-09-12 21:16:01 -------- d-----w- C:\Users\Emily\AppData\Roaming\OpenOffice.org
2012-09-12 21:14:57 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-09-05 19:12:15 -------- d-----w- C:\windows\SysWow64\1096
2012-09-03 20:22:00 -------- d-----w- C:\Users\Emily\AppData\Roaming\BlooBuzz
2012-09-03 20:21:42 -------- d-----w- C:\Users\Emily\AppData\Roaming\Time Builders - Pyramid Rising 2 Strategy Guide
2012-09-03 20:21:04 -------- d-----w- C:\windows\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-03 20:21:04 -------- d-----w- C:\Program Files (x86)\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-02 11:35:51 -------- d-----w- C:\Users\Emily\AppData\Local\Microsoft Help
2012-08-31 11:42:04 2295920 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 11:41:44 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-28 21:57:20 -------- d-----w- C:\Users\Emily\AppData\Roaming\Specialbit
.
==================== Find3M ====================
.
2012-09-25 11:37:43 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 11:37:43 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-19 16:01:11 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-19 16:01:11 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-07-03 12:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 22:13:07.78 ===============

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 26 September 2012 - 01:24 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cassette (Topic Starter)

  • Members
  • 18 posts

Posted 26 September 2012 - 11:11 AM

Hi Gringo,

Thank you so much for trying to help me out with this. I've followed your instructions and the logs you requested are below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
Ran by SYSTEM at 26-09-2012 17:01:01
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13353064 2011-11-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-03-15] (Lenovo)
HKLM\...\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-03-15] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-15] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2010-12-04] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [224352 2010-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-15] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Emily\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Emily\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5
Startup: C:\Users\Emily\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Emily\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 TolbarUpdater; C:\Users\Emily\AppData\Local\Temp\ToolbarUpdater.exe [508416 2012-08-25] ()

==================== Drivers (Whitelisted) =====================

1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-06] (AVAST Software)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-20] (Microsoft Corporation)
2 CLKMSVC10_3A60B698; [x]
2 CLKMSVC10_C3B3B687; [x]
2 DriverService; [x]
2 IAStorDataMgrSvc; [x]
2 idealife Update Service; [x]
3 IGRS; [x]
2 IviRegMgr; [x]
2 McAfee SiteAdvisor Service; [x]
2 McMPFSvc; [x]
2 McProxy; [x]
2 nvUpdatusService; [x]
2 Oasis2Service; [x]
2 PCCarerServic; [x]
2 ReadyComm.DirectRouter; [x]
2 RichVideo; [x]
2 RtLedService; [x]
2 SoftwareService; [x]
2 Stereo Service; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-26 04:11 - 2012-09-26 04:11 - 17864381 ____A C:\Windows\SysWOW64\libs.exe
2012-09-26 04:11 - 2012-05-25 05:34 - 00000000 ____D C:\Windows\SysWOW64\profile
2012-09-26 04:11 - 2012-05-25 05:34 - 00000000 ____D C:\Windows\SysWOW64\plugins
2012-09-26 04:11 - 2012-05-16 05:03 - 01907200 ____A C:\Windows\SysWOW64\Skybound.Gecko.dll
2012-09-26 04:11 - 2012-05-07 09:10 - 00000000 ____D C:\Windows\SysWOW64\dictionaries
2012-09-26 04:11 - 2012-05-07 09:08 - 04380384 ____A C:\Windows\SysWOW64\omni.ja
2012-09-26 04:11 - 2012-04-20 07:17 - 00001221 ____A C:\Windows\SysWOW64\precomplete
2012-09-26 04:11 - 2012-04-20 07:17 - 00000478 ____A C:\Windows\SysWOW64\softokn3.chk
2012-09-26 04:11 - 2012-04-20 07:17 - 00000478 ____A C:\Windows\SysWOW64\nssdbm3.chk
2012-09-26 04:11 - 2012-04-20 07:17 - 00000478 ____A C:\Windows\SysWOW64\freebl3.chk
2012-09-26 04:11 - 2012-04-20 07:17 - 00000036 ____A C:\Windows\SysWOW64\chrome.manifest
2012-09-26 04:11 - 2012-04-20 07:11 - 14446592 ____A (Mozilla Foundation) C:\Windows\SysWOW64\xul.dll
2012-09-26 04:11 - 2012-04-20 07:11 - 00030720 ____A (Mozilla Foundation) C:\Windows\SysWOW64\xpcshell.exe
2012-09-26 04:11 - 2012-04-20 07:11 - 00012288 ____A (Mozilla Foundation) C:\Windows\SysWOW64\xpcom.dll
2012-09-26 04:11 - 2012-04-20 07:11 - 00009728 ____A (Mozilla Corporation) C:\Windows\SysWOW64\plugin-container.exe
2012-09-26 04:11 - 2012-04-20 07:11 - 00008192 ____A (Mozilla Foundation) C:\Windows\SysWOW64\redit.exe
2012-09-26 04:11 - 2012-04-20 07:11 - 00000130 ____A C:\Windows\SysWOW64\dependentlibs.list
2012-09-26 04:11 - 2012-04-20 07:08 - 00364544 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nssckbi.dll
2012-09-26 04:11 - 2012-04-20 07:08 - 00151552 ____A (Mozilla Foundation) C:\Windows\SysWOW64\ssl3.dll
2012-09-26 04:11 - 2012-04-20 07:08 - 00098304 ____A (Mozilla Foundation) C:\Windows\SysWOW64\smime3.dll
2012-09-26 04:11 - 2012-04-20 07:07 - 00638976 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nss3.dll
2012-09-26 04:11 - 2012-04-20 07:07 - 00262144 ____A (Mozilla Foundation) C:\Windows\SysWOW64\freebl3.dll
2012-09-26 04:11 - 2012-04-20 07:07 - 00163840 ____A (Mozilla Foundation) C:\Windows\SysWOW64\softokn3.dll
2012-09-26 04:11 - 2012-04-20 07:07 - 00102400 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nssdbm3.dll
2012-09-26 04:11 - 2012-04-20 07:07 - 00098304 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nssutil3.dll
2012-09-26 04:11 - 2012-04-20 07:04 - 00026624 ____A (Mozilla Foundation) C:\Windows\SysWOW64\IA2Marshal.dll
2012-09-26 04:11 - 2012-04-20 07:04 - 00012288 ____A (Mozilla Foundation) C:\Windows\SysWOW64\AccessibleMarshal.dll
2012-09-26 04:11 - 2012-04-20 07:03 - 00589824 ____A (Mozilla Foundation) C:\Windows\SysWOW64\gkmedias.dll
2012-09-26 04:11 - 2012-04-20 06:38 - 00102400 ____A (Mozilla Foundation) C:\Windows\SysWOW64\libEGL.dll
2012-09-26 04:11 - 2012-04-20 06:37 - 00458752 ____A (Mozilla Foundation) C:\Windows\SysWOW64\libGLESv2.dll
2012-09-26 04:11 - 2012-04-20 06:34 - 00524288 ____A (sqlite.org) C:\Windows\SysWOW64\mozsqlite3.dll
2012-09-26 04:11 - 2012-04-20 06:22 - 02002944 ____A C:\Windows\SysWOW64\js.exe
2012-09-26 04:11 - 2012-04-20 06:22 - 01945600 ____A C:\Windows\SysWOW64\mozjs.dll
2012-09-26 04:11 - 2012-04-20 06:19 - 00167936 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nspr4.dll
2012-09-26 04:11 - 2012-04-20 06:19 - 00026112 ____A (Mozilla Foundation) C:\Windows\SysWOW64\mozglue.dll
2012-09-26 04:11 - 2012-04-20 06:19 - 00014848 ____A (Mozilla Foundation) C:\Windows\SysWOW64\plc4.dll
2012-09-26 04:11 - 2012-04-20 06:19 - 00011776 ____A (Mozilla Foundation) C:\Windows\SysWOW64\plds4.dll
2012-09-26 04:11 - 2012-04-20 06:19 - 00009216 ____A (Mozilla Foundation) C:\Windows\SysWOW64\mozalloc.dll
2012-09-26 04:11 - 2010-05-26 02:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-09-26 04:11 - 2010-05-26 02:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_43.dll
2012-09-26 04:11 - 2006-12-01 21:22 - 00479232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcm80.dll
2012-09-26 04:11 - 2006-12-01 13:03 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2012-09-26 04:11 - 2006-12-01 13:03 - 00548864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2012-09-26 04:11 - 2006-12-01 13:03 - 00001869 ____A C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest
2012-09-26 03:19 - 2012-09-26 03:19 - 01455249 ____A (Farbar) C:\Users\Emily\Desktop\FRST64.exe
2012-09-26 03:12 - 2012-09-26 03:12 - 00128512 ____A C:\Windows\SysWOW64\WinMonitor.exe
2012-09-25 13:36 - 2012-09-25 13:36 - 00000000 ____D C:\Users\Emily\Documents\malware log
2012-09-25 13:11 - 2012-09-25 13:11 - 00607260 ____R (Swearware) C:\Users\Emily\Desktop\dds(1).com
2012-09-25 13:10 - 2012-09-25 13:10 - 00607260 ____A (Swearware) C:\Users\Emily\Desktop\dds.com
2012-09-25 12:21 - 2012-09-25 12:21 - 00000000 ____D C:\Program Files (x86)\The Chronicles of Emerland Solitaire
2012-09-25 12:17 - 2012-09-25 13:15 - 00000000 ____D C:\Users\Emily\Desktop\Bored To Death Season 1 Complete 720p
2012-09-25 12:12 - 2012-09-25 12:12 - 00000000 ____D C:\Users\Emily\Desktop\The Chronicles of Emerland Solitaire
2012-09-25 12:09 - 2012-09-25 12:09 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Rainbow
2012-09-25 12:09 - 2012-09-25 12:09 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Opera
2012-09-25 12:06 - 2012-09-25 12:33 - 286328832 ____A C:\Users\Emily\Desktop\Celebrity MasterChef (UK)- S07E30 (GB2012 WEBRIP).avi
2012-09-25 12:05 - 2012-09-25 12:18 - 328798754 ____A C:\Users\Emily\Desktop\Celebrity MasterChef (UK)- S07E29 (GB2012 WEBRIP).avi
2012-09-25 12:05 - 2012-09-25 12:18 - 251721046 ____A C:\Users\Emily\Desktop\Celebrity MasterChef (UK)- S07E28.avi
2012-09-25 03:38 - 2012-09-25 03:39 - 00000000 ____D C:\Users\Emily\AppData\Roaming\realore_whiterra_adelantado_beta
2012-09-25 03:38 - 2012-09-25 03:38 - 00000000 ____D C:\Windows\Adelantado
2012-09-25 03:38 - 2012-09-25 03:38 - 00000000 ____D C:\Program Files (x86)\Adelantado
2012-09-25 03:37 - 2012-09-25 03:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-25 03:36 - 2012-09-25 03:37 - 00000000 ____D C:\Users\Emily\AppData\Roaming\realore_whiterra_adelantado_ru
2012-09-25 03:36 - 2012-09-25 03:36 - 00000000 ____D C:\Program Files (x86)\Realore Studio
2012-09-25 03:25 - 2012-09-25 03:28 - 00000000 ____D C:\Program Files (x86)\The Great Unknown - Houdini's Castle CE
2012-09-24 04:41 - 2012-09-24 04:46 - 00000000 ____D C:\Users\Emily\Desktop\Jillian Michaels 30 Day Shred - www.DietingHub.com
2012-09-23 12:34 - 2012-09-20 02:44 - 00000000 ____D C:\Users\Emily\Desktop\Dark Parables 4- The Red Riding Hood Sisters CE
2012-09-23 12:11 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 12:11 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 12:11 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 12:11 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 12:11 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 12:11 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 12:11 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 12:11 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 12:11 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 12:11 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 12:11 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 12:11 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 12:11 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 12:11 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 12:11 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 12:11 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 12:11 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 12:11 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 12:11 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 12:11 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 12:11 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 12:11 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 12:11 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 12:11 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 12:11 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 12:11 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 12:11 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 12:11 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 12:11 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-23 12:11 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 12:11 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 12:11 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 09:00 - 2012-09-21 09:00 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Top Evidence
2012-09-21 09:00 - 2012-09-21 09:00 - 00000000 ____D C:\Users\All Users\Top Evidence
2012-09-20 13:04 - 2012-09-20 13:04 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2012-09-20 11:15 - 2012-09-20 11:21 - 329439962 ____A C:\Users\Emily\Desktop\Celebrity MasterChef (UK)- S07E26 (GB2012 WEBRIP).avi
2012-09-20 11:14 - 2012-09-20 11:18 - 00000000 ____D C:\Users\Emily\Desktop\Margrave The Curse of the Severed Heart CE
2012-09-19 11:12 - 2012-09-19 11:12 - 00000000 ____D C:\Windows\SysWOW64\2030
2012-09-19 08:01 - 2012-09-19 08:01 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-19 08:01 - 2012-09-19 08:01 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-19 08:01 - 2012-09-19 08:01 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-19 08:01 - 2012-09-19 08:01 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-19 08:01 - 2012-09-19 08:01 - 00000000 ____D C:\Program Files (x86)\Java
2012-09-18 08:30 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-18 08:30 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-18 08:30 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-18 08:30 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-18 08:30 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-18 08:30 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-18 08:30 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-18 04:11 - 2012-09-18 04:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-18 03:51 - 2012-09-18 03:51 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Inertia Game Studios
2012-09-18 03:33 - 2012-09-18 14:29 - 00000000 ___SD C:\32788R22FWJFW
2012-09-17 12:44 - 2012-09-23 14:12 - 00000000 ____D C:\Users\Emily\Desktop\masterchef
2012-09-13 03:57 - 2012-09-18 08:16 - 00000000 ____D C:\Program Files (x86)\Boutique Boulevard
2012-09-12 13:16 - 2012-09-12 13:16 - 00000000 ____D C:\Users\Emily\AppData\Roaming\OpenOffice.org
2012-09-12 13:14 - 2012-09-20 13:03 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-09-12 12:38 - 2012-09-18 08:16 - 00000000 ____D C:\Users\Emily\Desktop\ms office crack (used sept2012)
2012-09-07 09:31 - 2012-09-07 09:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-05 11:12 - 2012-09-19 11:12 - 00000000 ____D C:\Windows\SysWOW64\1096
2012-09-03 12:22 - 2012-09-03 12:22 - 00000000 ____D C:\Users\Emily\AppData\Roaming\BlooBuzz
2012-09-03 12:21 - 2012-09-18 08:16 - 00000000 ____D C:\Program Files (x86)\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-03 12:21 - 2012-09-03 12:21 - 00000000 ____D C:\Windows\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-03 12:21 - 2012-09-03 12:21 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Time Builders - Pyramid Rising 2 Strategy Guide
2012-09-02 03:35 - 2012-09-02 03:35 - 00000000 ____D C:\Users\Emily\AppData\Local\Microsoft Help
2012-09-02 03:35 - 2012-09-02 03:35 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-08-28 13:57 - 2012-08-28 13:57 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Specialbit


==================== 3 Months Modified Files ==================

2012-09-26 07:57 - 2012-03-15 07:43 - 00284977 ____A C:\Windows\System32\fastboot.set
2012-09-26 07:57 - 2012-03-15 07:42 - 00668716 ____A C:\FaceProv.log
2012-09-26 07:56 - 2012-07-09 02:54 - 00008640 ____A C:\Windows\PFRO.log
2012-09-26 07:56 - 2012-07-08 03:31 - 00002988 ____A C:\Windows\setupact.log
2012-09-26 07:56 - 2012-03-15 07:39 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-26 07:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-26 07:05 - 2012-03-15 07:39 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-26 04:11 - 2012-09-26 04:11 - 17864381 ____A C:\Windows\SysWOW64\libs.exe
2012-09-26 03:19 - 2012-09-26 03:19 - 01455249 ____A (Farbar) C:\Users\Emily\Desktop\FRST64.exe
2012-09-26 03:17 - 2009-07-13 21:13 - 00727008 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-26 03:12 - 2012-09-26 03:12 - 00128512 ____A C:\Windows\SysWOW64\WinMonitor.exe
2012-09-26 03:12 - 2012-05-16 02:39 - 00000352 ____A C:\Windows\Tasks\At3.job
2012-09-25 13:45 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-25 13:45 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-25 13:11 - 2012-09-25 13:11 - 00607260 ____R (Swearware) C:\Users\Emily\Desktop\dds(1).com
2012-09-25 13:10 - 2012-09-25 13:10 - 00607260 ____A (Swearware) C:\Users\Emily\Desktop\dds.com
2012-09-25 12:33 - 2012-09-25 12:06 - 286328832 ____A C:\Users\Emily\Desktop\Celebrity MasterChef (UK)- S07E30 (GB2012 WEBRIP).avi
2012-09-25 12:18 - 2012-09-25 12:05 - 328798754 ____A C:\Users\Emily\Desktop\Celebrity MasterChef (UK)- S07E29 (GB2012 WEBRIP).avi
2012-09-25 12:18 - 2012-09-25 12:05 - 251721046 ____A C:\Users\Emily\Desktop\Celebrity MasterChef (UK)- S07E28.avi
2012-09-25 12:12 - 2012-07-24 13:12 - 00000352 ____A C:\Windows\Tasks\At6.job
2012-09-25 03:37 - 2012-04-22 12:55 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-25 03:37 - 2012-04-22 12:55 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-25 03:26 - 2012-03-15 07:11 - 01948127 ____A C:\Windows\WindowsUpdate.log
2012-09-22 13:00 - 2012-04-12 08:50 - 00066776 ____A C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-22 13:00 - 2009-07-13 20:45 - 00309224 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-20 13:04 - 2012-09-20 13:04 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2012-09-20 11:21 - 2012-09-20 11:15 - 329439962 ____A C:\Users\Emily\Desktop\Celebrity MasterChef (UK)- S07E26 (GB2012 WEBRIP).avi
2012-09-19 11:12 - 2012-07-25 12:32 - 00000352 ____A C:\Windows\Tasks\At7.job
2012-09-19 08:01 - 2012-09-19 08:01 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-19 08:01 - 2012-09-19 08:01 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-19 08:01 - 2012-09-19 08:01 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-19 08:01 - 2012-09-19 08:01 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-19 08:01 - 2012-05-08 14:06 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-19 08:01 - 2012-05-08 14:06 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-18 11:12 - 2012-04-24 12:50 - 00000344 ____A C:\Windows\Tasks\At2.job
2012-09-18 08:57 - 2012-04-23 03:31 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-06 03:34 - 2012-07-19 02:51 - 00000350 ____A C:\Windows\Tasks\At5.job
2012-09-06 03:34 - 2012-05-31 02:07 - 00000348 ____A C:\Windows\Tasks\At4.job
2012-09-06 03:34 - 2012-04-12 02:20 - 00000348 ____A C:\Windows\Tasks\At1.job
2012-08-24 03:15 - 2012-09-23 12:11 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 12:11 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 12:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 12:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 12:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 12:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 12:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 12:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 12:11 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 12:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 12:11 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 12:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 12:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 12:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 12:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 12:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 12:11 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 12:11 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 12:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 12:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 12:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 12:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 12:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 12:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 12:11 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 12:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 12:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 12:11 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 12:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 12:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 12:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 12:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-18 08:30 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-18 08:30 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-18 08:30 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-18 08:30 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-05 06:49 - 2012-04-30 08:43 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-02 09:58 - 2012-09-18 08:30 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-18 08:30 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-18 10:15 - 2012-08-22 13:13 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 06:57 - 2012-07-16 12:31 - 149055607 ____A C:\Users\Emily\Desktop\Five Pairs of Fingers first export.mp4
2012-07-08 03:31 - 2012-07-08 03:31 - 00000000 ____A C:\Windows\setuperr.log
2012-07-06 12:07 - 2012-08-23 02:57 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-22 13:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-22 13:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-22 13:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-22 13:13 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-22 13:13 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-18 08:30 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-07-03 04:46 - 2012-04-30 08:43 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


ZeroAccess:
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\@
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\L
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\L\00000004.@
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\L\201d3dde
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\00000004.@
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\000000cb.@
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\80000000.@
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\80000032.@
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-28 05:29:57
Restore point made on: 2012-09-04 03:19:24
Restore point made on: 2012-09-07 03:55:19
Restore point made on: 2012-09-11 03:48:57
Restore point made on: 2012-09-12 13:12:34
Restore point made on: 2012-09-12 13:14:46
Restore point made on: 2012-09-12 18:00:23
Restore point made on: 2012-09-17 13:55:11
Restore point made on: 2012-09-17 13:59:19
Restore point made on: 2012-09-18 08:11:53
Restore point made on: 2012-09-18 08:27:43
Restore point made on: 2012-09-18 08:57:48
Restore point made on: 2012-09-19 08:00:47
Restore point made on: 2012-09-20 13:01:27
Restore point made on: 2012-09-20 13:03:30
Restore point made on: 2012-09-23 12:11:17
Restore point made on: 2012-09-25 12:36:57

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8106.14 MB
Available physical RAM: 7286.2 MB
Total Pagefile: 8104.34 MB
Available Pagefile: 7272.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:654.69 GB) (Free:479.92 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.46 GB) NTFS
4 Drive g: () (Fixed) (Total:149.05 GB) (Free:9.39 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 1024 KB
Disk 1 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 1024 KB
Partition 2 Primary 654 GB 201 MB
Partition 0 Extended 28 GB 654 GB
Partition 4 Logical 28 GB 654 GB
Partition 3 OEM 14 GB 683 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 200 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 654 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LENOVO NTFS Partition 28 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Partition 149 GB Healthy

=========================================================

Last Boot: 2012-09-26 03:38

==================== End Of Log =============================



Farbar Recovery Scan Tool (x64) Version: 25-09-2012
Ran by SYSTEM at 2012-09-26 17:02:44
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 September 2012 - 01:13 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
CMD: Del /q C:\Windows\Tasks\At*.job

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
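
Editor's added example (Python; this is not FRST code and was not posted by either participant). The search output in the reply before this one already contains everything needed to judge services.exe: both copies carry identical created/modified stamps and the same "Microsoft Corporation" company string, yet the System32 copy is 512 bytes larger and has a different MD5 than the component-store (WinSxS) copy that the fix above copies back over it. That is why the fix keys on the file's bytes and not on timestamps or the vendor string. The combination of a patched services.exe, a folder under C:\Windows\Installer\{GUID}, Desktop.ini files under GAC_32 and GAC_64 and At*.job tasks is the footprint associated with the ZeroAccess/Sirefef family; the thread itself does not name it, so treat that attribution as the editor's. The block below parses the posted search output, performs the comparison, and includes a helper for taking the same measurements on a live or offline-mounted Windows install. Function names, the SAMPLE layout and the assumption that the WinSxS folder name contains "servicecontroller" are the editor's; the two records in SAMPLE are copied from the FRST output posted in this thread.

```python
"""Cross-check the live services.exe against the WinSxS component-store copy.

Added example for this thread; it is neither FRST's code nor anything the
helper posted. It re-implements, as a script, the comparison that the
"Search: services.exe" output lets a helper do by eye, and adds a helper
for running the same comparison on a live Windows install. Function names
and the SAMPLE layout are the editor's; the two records in SAMPLE are the
ones posted in this thread.
"""
import hashlib
import re
from dataclasses import dataclass
from pathlib import Path

# FRST prints each hit as a path line followed by a detail line:
# [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# Copied from the FRST search output posted in this thread.
SAMPLE = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""


@dataclass
class FileRecord:
    path: str
    size: int
    md5: str
    company: str


def parse_frst_search(text):
    """Pair each path line with the detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = []
    for path_line, detail_line in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail_line)
        if m and not DETAIL_RE.match(path_line):
            records.append(FileRecord(path_line, int(m["size"]), m["md5"].upper(), m["company"]))
    return records


def find_tampered(records, live_path=r"C:\Windows\System32\services.exe"):
    """Compare the live binary with every WinSxS copy by size and MD5.

    Timestamps are deliberately ignored: in the posted output both copies
    carry identical created/modified times, so mtime proves nothing once a
    patcher has copied the original stamps back. Returns a list of findings;
    an empty list means the live file matches a component-store copy.
    """
    live = [r for r in records if r.path.lower() == live_path.lower()]
    store = [r for r in records if "\\winsxs\\" in r.path.lower()]
    if not live:
        return ["live binary not present in search output"]
    if not store:
        return ["no WinSxS reference copy to compare against"]
    live = live[0]
    if any(s.md5 == live.md5 and s.size == live.size for s in store):
        return []
    findings = [f"MD5 {live.md5} matches none of {len(store)} WinSxS copy/copies"]
    for s in store:
        delta = live.size - s.size
        if delta:
            # A small positive delta on a file that still claims the vendor
            # string is the usual signature of in-place patching.
            findings.append(f"size differs from WinSxS copy by {delta:+d} bytes ({live.size} vs {s.size})")
    return findings


def hash_file(path, algo="md5"):
    """Hash a file in 1 MiB chunks; returns upper-case hex like FRST prints."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def scan_live_system(windir=r"C:\Windows", name="services.exe"):
    """Build FileRecords from a live install (run elevated, or from WinRE with
    the offline Windows drive mounted). Assumes the component-store folder
    name contains 'servicecontroller', as in the posted output (editor's
    assumption). Not exercised by the offline sample above."""
    root = Path(windir)
    if not root.is_dir():
        return []
    candidates = [root / "System32" / name, *(root / "winsxs").glob(f"*servicecontroller*/{name}")]
    return [FileRecord(str(p), p.stat().st_size, hash_file(p), "(version resource not read)")
            for p in candidates if p.is_file()]


if __name__ == "__main__":
    for line in find_tampered(parse_frst_search(SAMPLE)) or ["live services.exe matches a WinSxS copy"]:
        print(line)
```

Run as-is it reports the two findings for the posted records; on a real machine call scan_live_system() elevated, or from the recovery environment against the offline drive, and pass the result to find_tampered(). A match against a WinSxS copy is necessary but not sufficient: a rootkit with a file-system filter can feed a scanner the clean bytes while the patched copy executes, which is why the helper had the search and the replacement run from System Recovery Options with the OS offline.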

#5 cassette
  • Topic Starter
  • Members
  • 18 posts

Posted 26 September 2012 - 02:18 PM

Hi, thank you so much for your time. Here's the fixlog.txt you asked for.

Emily



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2012
Ran by SYSTEM at 2012-09-26 20:13:45 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


==== End of Fixlog ====

#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 September 2012 - 04:23 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 cassette
  • Topic Starter
  • Members
  • 18 posts

Posted 26 September 2012 - 04:45 PM

Hi, I am unable to turn off the firewall (Windows Defender); instead I am getting the error message "Windows Firewall can't change some of your settings. Error code 0x80070424".

Should I run combofix anyway?

Thanks.

#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 September 2012 - 05:09 PM

Yes, go ahead and run it.


Gringo

#9 cassette
  • Topic Starter
  • Members
  • 18 posts

Posted 26 September 2012 - 05:36 PM

Hi, I ran ComboFix; the log is below. No problems, except that, as mentioned above, I couldn't turn off Windows Defender before running it. The computer seems to be running normally, but it was before I started this thread. The only difference that I have noticed so far, since running ComboFix, is that when I opened Firefox it asked me if I wanted to make Firefox my default browser. It has always been my default browser.

Thanks again for your time with this

ComboFix 12-09-26.04 - Emily 26/09/2012 23:18:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.6662 [GMT 1:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\gt.exe
c:\windows\s.bat
c:\windows\SysWow64\c__10000.nls
c:\windows\SysWow64\components
c:\windows\SysWow64\components\binary.manifest
c:\windows\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-27 01:00 . 2012-09-27 01:01 -------- d-----w- C:\FRST
2012-09-26 17:17 . 2012-09-26 17:17 -------- d-----w- c:\users\Emily\AppData\Roaming\Deep Shadows
2012-09-26 11:12 . 2012-09-26 11:12 128512 ----a-w- c:\windows\SysWow64\WinMonitor.exe
2012-09-25 20:21 . 2012-09-26 16:21 -------- d-----w- c:\program files (x86)\The Chronicles of Emerland Solitaire
2012-09-25 20:09 . 2012-09-25 20:09 -------- d-----w- c:\users\Emily\AppData\Roaming\Rainbow
2012-09-25 11:38 . 2012-09-25 11:39 -------- d-----w- c:\users\Emily\AppData\Roaming\realore_whiterra_adelantado_beta
2012-09-25 11:38 . 2012-09-25 11:38 -------- d-----w- c:\windows\Adelantado
2012-09-25 11:37 . 2012-09-25 11:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-25 11:36 . 2012-09-25 11:37 -------- d-----w- c:\users\Emily\AppData\Roaming\realore_whiterra_adelantado_ru
2012-09-25 11:25 . 2012-09-25 11:28 -------- d-----w- c:\program files (x86)\The Great Unknown - Houdini's Castle CE
2012-09-21 17:00 . 2012-09-21 17:00 -------- d-----w- c:\users\Emily\AppData\Roaming\Top Evidence
2012-09-21 17:00 . 2012-09-21 17:00 -------- d-----w- c:\programdata\Top Evidence
2012-09-21 12:01 . 2012-09-18 23:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{982012C1-FB95-41EB-BA27-27A67ADF1884}\mpengine.dll
2012-09-19 19:12 . 2012-09-19 19:12 -------- d-----w- c:\windows\SysWow64\2030
2012-09-19 16:01 . 2012-09-19 16:01 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-19 16:01 . 2012-09-19 16:01 -------- d-----w- c:\program files (x86)\Java
2012-09-18 16:30 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-18 16:30 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-18 16:30 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-18 16:30 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-18 16:30 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-18 16:30 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-18 16:30 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-18 12:11 . 2012-09-18 12:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-18 11:51 . 2012-09-18 11:51 -------- d-----w- c:\users\Emily\AppData\Roaming\Inertia Game Studios
2012-09-13 11:57 . 2012-09-18 16:16 -------- d-----w- c:\program files (x86)\Boutique Boulevard
2012-09-12 21:16 . 2012-09-12 21:16 -------- d-----w- c:\users\Emily\AppData\Roaming\OpenOffice.org
2012-09-12 21:14 . 2012-09-20 21:03 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-09-05 19:12 . 2012-09-19 19:12 -------- d-----w- c:\windows\SysWow64\1096
2012-09-03 20:22 . 2012-09-03 20:22 -------- d-----w- c:\users\Emily\AppData\Roaming\BlooBuzz
2012-09-03 20:21 . 2012-09-03 20:21 -------- d-----w- c:\users\Emily\AppData\Roaming\Time Builders - Pyramid Rising 2 Strategy Guide
2012-09-03 20:21 . 2012-09-18 16:16 -------- d-----w- c:\program files (x86)\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-03 20:21 . 2012-09-03 20:21 -------- d-----w- c:\windows\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-02 11:35 . 2012-09-02 11:35 -------- d-----w- c:\users\Emily\AppData\Local\Microsoft Help
2012-09-02 11:35 . 2012-09-02 11:35 -------- d-----w- c:\programdata\Microsoft Help
2012-08-31 11:42 . 2012-08-31 11:42 2295920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 11:41 . 2012-08-31 11:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-28 21:57 . 2012-08-28 21:57 -------- d-----w- c:\users\Emily\AppData\Roaming\Specialbit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 11:37 . 2012-04-22 20:55 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 11:37 . 2012-04-22 20:55 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 11:51 . 2012-07-26 08:26 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 11:51 . 2012-07-26 08:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-19 16:01 . 2012-05-08 22:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-19 16:01 . 2012-05-08 22:06 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-18 16:57 . 2012-04-23 11:31 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-26 08:26 . 2012-07-26 08:26 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-18 18:15 . 2012-08-22 21:13 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-23 10:57 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-22 21:13 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-22 21:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-22 21:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-22 21:13 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 12:46 . 2012-04-30 16:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-15 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
R2 TolbarUpdater;Toolbar Updater;c:\users\Emily\AppData\Local\Temp\ToolbarUpdater.exe [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-03-15 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-03-15 39008]
S1 aswKbd;aswKbd; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-03-15 13408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-03-15 29792]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 15:39]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-15 15:42 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-15 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-03-15 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-15 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-15 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = gamezona.org
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\x58mi82o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.ie
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2685112163-3244535764-819143802-1001\Software\SecuROM\License information*]
"datasecu"=hex:1c,4e,34,c7,3d,eb,ad,f8,d2,51,2b,5b,4c,e8,51,d0,d6,5a,4a,37,38,
83,e9,2f,96,5b,e7,fa,a5,ae,60,18,11,cd,f6,8e,93,f8,c6,4c,4c,1a,09,16,24,61,\
"rkeysecu"=hex:8a,80,10,b7,ac,3e,a7,c5,4c,41,35,92,c0,94,6e,93
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-26 23:26:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-26 22:26
.
Pre-Run: 524,308,410,368 bytes free
Post-Run: 524,200,976,384 bytes free
.
- - End Of File - - AEB324FC4330B73ED95B97DA2D385025
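
Editor's added example (Python; this is not ComboFix code and was not posted by either participant). It shows how a helper reads the "Reg Loading Points" section of a log like the one above. ComboFix prints services as state/start-type, name, display name and image path, with "[x]" where the file is not present at the listed path, and Run keys as name, path and stamp. Three cheap rules pick out what deserves a closer look: an image missing from disk, a service reported running although its image is missing, and an autostart whose image sits in a user-writable scratch location such as Temp or AppData. Against the log above that isolates "R2 TolbarUpdater;Toolbar Updater;c:\users\Emily\AppData\Local\Temp\ToolbarUpdater.exe [x]", a running auto-start service whose image lived in the user's Temp folder and is no longer on disk, which ComboFix listed but did not remove, and the orphaned aswKbd driver registration. Function names and the rule set are the editor's; every line in SAMPLE is copied from the ComboFix log posted above.

```python
"""Triage ComboFix "Reg Loading Points" lines for suspicious autostarts.

Added example for this thread; it is not ComboFix code and was not posted by
either participant. It applies the rules a helper applies by eye to the
service lines (R/S + start type) and Run-key lines of a ComboFix log.
Function names and rule set are the editor's; the SAMPLE lines are copied
from the ComboFix log posted in this thread.
"""
import re

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# R2 name;display;c:\path\image.exe [2012-03-15 136176]   (R = running, S = stopped)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
# "Name"="c:\path\image.exe" [2012-02-23 59240]
RUNKEY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$'
)

# Locations a service or logon autostart image has no business living in.
SCRATCH_DIRS = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")

# Copied verbatim from the ComboFix log posted in this thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
R2 TolbarUpdater;Toolbar Updater;c:\users\Emily\AppData\Local\Temp\ToolbarUpdater.exe [x]
S1 aswKbd;aswKbd; [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
"""


def parse_entries(text):
    """Return one dict per service or Run-key line; everything else is skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"kind": "service", "name": m["name"], "path": m["path"],
                            "running": m["state"] == "R", "start": START_TYPES[m["start"]],
                            "missing": m["stamp"] == "x"})
            continue
        m = RUNKEY_RE.match(line)
        if m:
            entries.append({"kind": "run", "name": m["name"], "path": m["path"],
                            "running": None, "start": "logon", "missing": m["stamp"] == "x"})
    return entries


def triage(entries):
    """Map entry name -> list of reasons for entries that deserve a closer look."""
    flagged = {}
    for e in entries:
        reasons = []
        path = e["path"].lower()
        if e["missing"] and not path:
            reasons.append("registered with no image path (orphaned driver/service entry)")
        elif e["missing"]:
            reasons.append("image not found on disk")
        if e["kind"] == "service" and e["running"] and e["missing"]:
            reasons.append("reported running although its image is missing "
                           "(file removed after start, hidden from the scanner, or never on disk)")
        if any(d in path for d in SCRATCH_DIRS):
            reasons.append(f"{e['start']}-start image lives in a user-writable scratch directory")
        if reasons:
            flagged[e["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE)).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Feed it the whole "Reg Loading Points" section of a log rather than the excerpt to get the full picture; the Run-key, Start Menu and URLSearchHooks entries that are not in this shape (such as the uTorrentControl2 toolbar above) still need to be read by hand.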

#10 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 September 2012 - 05:48 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 cassette
  • Topic Starter
  • Members
  • 18 posts

Posted 27 September 2012 - 12:00 PM

Hi, no problems running either of those- here are the log files...


17:41:11.0971 1692 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:41:12.0214 1692 ============================================================
17:41:12.0214 1692 Current date / time: 2012/09/27 17:41:12.0214
17:41:12.0214 1692 SystemInfo:
17:41:12.0214 1692
17:41:12.0215 1692 OS Version: 6.1.7601 ServicePack: 1.0
17:41:12.0215 1692 Product type: Workstation
17:41:12.0215 1692 ComputerName: EMILY-PC
17:41:12.0215 1692 UserName: Emily
17:41:12.0215 1692 Windows directory: C:\windows
17:41:12.0215 1692 System windows directory: C:\windows
17:41:12.0215 1692 Running under WOW64
17:41:12.0215 1692 Processor architecture: Intel x64
17:41:12.0215 1692 Number of processors: 4
17:41:12.0215 1692 Page size: 0x1000
17:41:12.0215 1692 Boot type: Normal boot
17:41:12.0215 1692 ============================================================
17:41:12.0590 1692 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
17:41:12.0594 1692 ============================================================
17:41:12.0594 1692 \Device\Harddisk0\DR0:
17:41:38.0430 3320 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:41:38.0433 3320 Psched - ok
17:41:38.0483 3320 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:41:38.0518 3320 ql2300 - ok
17:41:38.0525 3320 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:41:38.0528 3320 ql40xx - ok
17:41:38.0569 3320 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:41:38.0576 3320 QWAVE - ok
17:41:38.0592 3320 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:41:38.0595 3320 QWAVEdrv - ok
17:41:38.0602 3320 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:41:38.0603 3320 RasAcd - ok
17:41:38.0640 3320 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:41:38.0642 3320 RasAgileVpn - ok
17:41:38.0655 3320 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:41:38.0659 3320 RasAuto - ok
17:41:38.0675 3320 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:41:38.0678 3320 Rasl2tp - ok
17:41:38.0706 3320 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:41:38.0713 3320 RasMan - ok
17:41:38.0725 3320 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:41:38.0728 3320 RasPppoe - ok
17:41:38.0745 3320 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:41:38.0747 3320 RasSstp - ok
17:41:38.0780 3320 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:41:38.0787 3320 rdbss - ok
17:41:38.0811 3320 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:41:38.0812 3320 rdpbus - ok
17:41:38.0827 3320 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:41:38.0828 3320 RDPCDD - ok
17:41:38.0842 3320 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:41:38.0844 3320 RDPENCDD - ok
17:41:38.0862 3320 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:41:38.0863 3320 RDPREFMP - ok
17:41:38.0894 3320 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:41:38.0898 3320 RDPWD - ok
17:41:38.0932 3320 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:41:38.0937 3320 rdyboost - ok
17:41:38.0967 3320 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:41:38.0971 3320 RemoteAccess - ok
17:41:39.0000 3320 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:41:39.0007 3320 RemoteRegistry - ok
17:41:39.0030 3320 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
17:41:39.0035 3320 RFCOMM - ok
17:41:39.0055 3320 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:41:39.0059 3320 RpcEptMapper - ok
17:41:39.0087 3320 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:41:39.0090 3320 RpcLocator - ok
17:41:39.0110 3320 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:41:39.0119 3320 RpcSs - ok
17:41:39.0153 3320 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:41:39.0156 3320 rspndr - ok
17:41:39.0188 3320 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
17:41:39.0192 3320 RSUSBVSTOR - ok
17:41:39.0243 3320 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:41:39.0250 3320 RTL8167 - ok
17:41:39.0270 3320 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:41:39.0272 3320 SamSs - ok
17:41:39.0284 3320 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:41:39.0286 3320 sbp2port - ok
17:41:39.0366 3320 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:41:39.0382 3320 SBSDWSCService - ok
17:41:39.0410 3320 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:41:39.0415 3320 SCardSvr - ok
17:41:39.0431 3320 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:41:39.0433 3320 scfilter - ok
17:41:39.0731 3320 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:41:39.0751 3320 Schedule - ok
17:41:39.0779 3320 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:41:39.0780 3320 SCPolicySvc - ok
17:41:39.0802 3320 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:41:39.0807 3320 SDRSVC - ok
17:41:39.0826 3320 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:41:39.0828 3320 secdrv - ok
17:41:39.0836 3320 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:41:39.0839 3320 seclogon - ok
17:41:39.0882 3320 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
17:41:39.0887 3320 SENS - ok
17:41:39.0930 3320 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:41:39.0932 3320 SensrSvc - ok
17:41:39.0948 3320 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
17:41:39.0949 3320 Serenum - ok
17:41:39.0969 3320 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
17:41:39.0970 3320 Serial - ok
17:41:39.0998 3320 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
17:41:39.0999 3320 sermouse - ok
17:41:40.0023 3320 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:41:40.0026 3320 SessionEnv - ok
17:41:40.0038 3320 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:41:40.0039 3320 sffdisk - ok
17:41:40.0046 3320 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:41:40.0047 3320 sffp_mmc - ok
17:41:40.0056 3320 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:41:40.0057 3320 sffp_sd - ok
17:41:40.0070 3320 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:41:40.0071 3320 sfloppy - ok
17:41:40.0100 3320 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
17:41:40.0104 3320 Sftfs - ok
17:41:40.0215 3320 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:41:40.0217 3320 sftlist - ok
17:41:40.0252 3320 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
17:41:40.0253 3320 Sftplay - ok
17:41:40.0260 3320 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
17:41:40.0261 3320 Sftredir - ok
17:41:40.0268 3320 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
17:41:40.0269 3320 Sftvol - ok
17:41:40.0308 3320 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:41:40.0309 3320 sftvsa - ok
17:41:40.0352 3320 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
17:41:40.0356 3320 SharedAccess - ok
17:41:40.0387 3320 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:41:40.0392 3320 ShellHWDetection - ok
17:41:40.0414 3320 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:41:40.0415 3320 SiSRaid2 - ok
17:41:40.0437 3320 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:41:40.0439 3320 SiSRaid4 - ok
17:41:40.0459 3320 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:41:40.0461 3320 Smb - ok
17:41:40.0482 3320 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:41:40.0484 3320 SNMPTRAP - ok
17:41:40.0498 3320 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:41:40.0498 3320 spldr - ok
17:41:40.0537 3320 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
17:41:40.0543 3320 Spooler - ok
17:41:40.0619 3320 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:41:40.0676 3320 sppsvc - ok
17:41:40.0743 3320 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:41:40.0745 3320 sppuinotify - ok
17:41:40.0757 3320 [ 454800C2BC7F3927CE030141EE4F4C50 ] SPUVCbv C:\windows\system32\Drivers\usbvideo.sys
17:41:40.0759 3320 SPUVCbv - ok
17:41:40.0776 3320 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:41:40.0781 3320 srv - ok
17:41:40.0811 3320 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:41:40.0815 3320 srv2 - ok
17:41:40.0837 3320 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:41:40.0839 3320 srvnet - ok
17:41:40.0889 3320 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:41:40.0895 3320 SSDPSRV - ok
17:41:40.0910 3320 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:41:40.0914 3320 SstpSvc - ok
17:41:40.0929 3320 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
17:41:40.0930 3320 stexstor - ok
17:41:40.0959 3320 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
17:41:40.0969 3320 stisvc - ok
17:41:41.0028 3320 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
17:41:41.0030 3320 swenum - ok
17:41:41.0058 3320 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:41:41.0076 3320 swprv - ok
17:41:41.0178 3320 [ 08425CD92972C6430F350A9697F4A553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:41:41.0195 3320 SynTP - ok
17:41:41.0241 3320 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
17:41:41.0299 3320 SysMain - ok
17:41:41.0310 3320 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:41:41.0313 3320 TabletInputService - ok
17:41:41.0329 3320 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:41:41.0335 3320 TapiSrv - ok
17:41:41.0344 3320 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:41:41.0346 3320 TBS - ok
17:41:41.0427 3320 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:41:41.0466 3320 Tcpip - ok
17:41:41.0515 3320 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:41:41.0531 3320 TCPIP6 - ok
17:41:41.0559 3320 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:41:41.0560 3320 tcpipreg - ok
17:41:41.0577 3320 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:41:41.0578 3320 TDPIPE - ok
17:41:41.0602 3320 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:41:41.0604 3320 TDTCP - ok
17:41:41.0629 3320 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:41:41.0633 3320 tdx - ok
17:41:41.0653 3320 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
17:41:41.0655 3320 TermDD - ok
17:41:41.0699 3320 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
17:41:41.0733 3320 TermService - ok
17:41:41.0758 3320 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:41:41.0761 3320 Themes - ok
17:41:41.0772 3320 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:41:41.0775 3320 THREADORDER - ok
17:41:41.0841 3320 TolbarUpdater - ok
17:41:41.0866 3320 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:41:41.0872 3320 TrkWks - ok
17:41:41.0928 3320 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:41:41.0931 3320 TrustedInstaller - ok
17:41:41.0950 3320 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:41:41.0953 3320 tssecsrv - ok
17:41:41.0977 3320 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:41:41.0980 3320 TsUsbFlt - ok
17:41:42.0022 3320 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
17:41:42.0025 3320 TsUsbGD - ok
17:41:42.0067 3320 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:41:42.0070 3320 tunnel - ok
17:41:42.0077 3320 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
17:41:42.0080 3320 uagp35 - ok
17:41:42.0105 3320 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:41:42.0113 3320 udfs - ok
17:41:42.0153 3320 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:41:42.0157 3320 UI0Detect - ok
17:41:42.0190 3320 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:41:42.0193 3320 uliagpkx - ok
17:41:42.0228 3320 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:41:42.0230 3320 umbus - ok
17:41:42.0237 3320 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
17:41:42.0239 3320 UmPass - ok
17:41:42.0367 3320 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:41:42.0433 3320 UNS - ok
17:41:42.0516 3320 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:41:42.0528 3320 upnphost - ok
17:41:42.0568 3320 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
17:41:42.0571 3320 USBAAPL64 - ok
17:41:42.0597 3320 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:41:42.0600 3320 usbccgp - ok
17:41:42.0617 3320 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:41:42.0621 3320 usbcir - ok
17:41:42.0640 3320 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
17:41:42.0643 3320 usbehci - ok
17:41:42.0676 3320 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:41:42.0684 3320 usbhub - ok
17:41:42.0695 3320 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:41:42.0698 3320 usbohci - ok
17:41:42.0705 3320 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
17:41:42.0707 3320 usbprint - ok
17:41:42.0720 3320 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:41:42.0722 3320 USBSTOR - ok
17:41:42.0726 3320 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:41:42.0727 3320 usbuhci - ok
17:41:42.0757 3320 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:41:42.0759 3320 usbvideo - ok
17:41:42.0781 3320 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:41:42.0784 3320 UxSms - ok
17:41:42.0792 3320 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
17:41:42.0793 3320 VaultSvc - ok
17:41:42.0827 3320 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:41:42.0827 3320 vdrvroot - ok
17:41:42.0846 3320 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
17:41:42.0853 3320 vds - ok
17:41:42.0877 3320 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:41:42.0879 3320 vga - ok
17:41:42.0898 3320 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
17:41:42.0900 3320 VgaSave - ok
17:41:42.0905 3320 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:41:42.0909 3320 vhdmp - ok
17:41:42.0927 3320 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
17:41:42.0929 3320 viaide - ok
17:41:42.0950 3320 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
17:41:42.0951 3320 volmgr - ok
17:41:42.0975 3320 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:41:42.0980 3320 volmgrx - ok
17:41:42.0993 3320 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
17:41:42.0996 3320 volsnap - ok
17:41:43.0026 3320 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
17:41:43.0029 3320 vsmraid - ok
17:41:43.0074 3320 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
17:41:43.0119 3320 VSS - ok
17:41:43.0156 3320 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:41:43.0157 3320 vwifibus - ok
17:41:43.0184 3320 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:41:43.0187 3320 vwififlt - ok
17:41:43.0210 3320 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
17:41:43.0218 3320 W32Time - ok
17:41:43.0228 3320 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
17:41:43.0230 3320 WacomPen - ok
17:41:43.0261 3320 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:41:43.0263 3320 WANARP - ok
17:41:43.0269 3320 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:41:43.0270 3320 Wanarpv6 - ok
17:41:43.0339 3320 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
17:41:43.0374 3320 WatAdminSvc - ok
17:41:43.0426 3320 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
17:41:43.0479 3320 wbengine - ok
17:41:43.0497 3320 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:41:43.0502 3320 WbioSrvc - ok
17:41:43.0516 3320 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
17:41:43.0533 3320 wcncsvc - ok
17:41:43.0540 3320 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:41:43.0543 3320 WcsPlugInService - ok
17:41:43.0564 3320 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
17:41:43.0565 3320 Wd - ok
17:41:43.0597 3320 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:41:43.0614 3320 Wdf01000 - ok
17:41:43.0631 3320 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
17:41:43.0635 3320 WdiServiceHost - ok
17:41:43.0640 3320 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
17:41:43.0644 3320 WdiSystemHost - ok
17:41:43.0664 3320 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
17:41:43.0671 3320 WebClient - ok
17:41:43.0688 3320 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
17:41:43.0696 3320 Wecsvc - ok
17:41:43.0707 3320 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
17:41:43.0711 3320 wercplsupport - ok
17:41:43.0723 3320 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
17:41:43.0728 3320 WerSvc - ok
17:41:43.0761 3320 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:41:43.0763 3320 WfpLwf - ok
17:41:43.0782 3320 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:41:43.0783 3320 WIMMount - ok
17:41:43.0800 3320 WinDefend - ok
17:41:43.0807 3320 WinHttpAutoProxySvc - ok
17:41:43.0867 3320 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:41:43.0874 3320 Winmgmt - ok
17:41:43.0947 3320 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
17:41:44.0005 3320 WinRM - ok
17:41:44.0068 3320 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
17:41:44.0071 3320 WinUsb - ok
17:41:44.0120 3320 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
17:41:44.0153 3320 Wlansvc - ok
17:41:44.0222 3320 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:41:44.0224 3320 wlcrasvc - ok
17:41:44.0304 3320 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:41:44.0394 3320 wlidsvc - ok
17:41:44.0446 3320 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
17:41:44.0446 3320 WmiAcpi - ok
17:41:44.0472 3320 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:41:44.0478 3320 wmiApSrv - ok
17:41:44.0516 3320 WMPNetworkSvc - ok
17:41:44.0538 3320 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
17:41:44.0542 3320 WPCSvc - ok
17:41:44.0560 3320 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:41:44.0566 3320 WPDBusEnum - ok
17:41:44.0586 3320 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:41:44.0587 3320 ws2ifsl - ok
17:41:44.0600 3320 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
17:41:44.0606 3320 wscsvc - ok
17:41:44.0612 3320 WSearch - ok
17:41:44.0691 3320 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
17:41:44.0696 3320 wsvd - ok
17:41:44.0805 3320 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
17:41:44.0872 3320 wuauserv - ok
17:41:44.0884 3320 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:41:44.0886 3320 WudfPf - ok
17:41:44.0916 3320 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:41:44.0919 3320 WUDFRd - ok
17:41:44.0942 3320 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:41:44.0945 3320 wudfsvc - ok
17:41:44.0964 3320 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
17:41:44.0974 3320 WwanSvc - ok
17:41:44.0987 3320 ================ Scan global ===============================
17:41:45.0015 3320 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:41:45.0045 3320 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
17:41:45.0067 3320 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
17:41:45.0100 3320 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:41:45.0145 3320 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
17:41:45.0156 3320 [Global] - ok
17:41:45.0157 3320 ================ Scan MBR ==================================
17:41:45.0166 3320 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:41:45.0392 3320 \Device\Harddisk0\DR0 - ok
17:41:45.0393 3320 ================ Scan VBR ==================================
17:41:45.0397 3320 [ 71AF63B7FAF56CE5CC3E0A9F06188EDC ] \Device\Harddisk0\DR0\Partition1
17:41:45.0401 3320 \Device\Harddisk0\DR0\Partition1 - ok
17:41:45.0416 3320 [ 729E8114493B317873643CBFAA12BD1A ] \Device\Harddisk0\DR0\Partition2
17:41:45.0418 3320 \Device\Harddisk0\DR0\Partition2 - ok
17:41:45.0452 3320 [ F1AE03479B4C8793FDAFDD6683E1C176 ] \Device\Harddisk0\DR0\Partition3
17:41:45.0455 3320 \Device\Harddisk0\DR0\Partition3 - ok
17:41:45.0456 3320 ============================================================
17:41:45.0456 3320 Scan finished
17:41:45.0456 3320 ============================================================
17:41:45.0467 3908 Detected object count: 0
17:41:45.0468 3908 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-27 17:44:08
-----------------------------
17:44:08.175 OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:08.175 Number of processors: 4 586 0x2A07
17:44:08.175 ComputerName: EMILY-PC UserName: Emily
17:44:09.423 Initialize success
17:50:04.671 AVAST engine defs: 12092700
17:50:21.940 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:50:21.945 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
17:50:21.956 Disk 0 MBR read successfully
17:50:21.962 Disk 0 MBR scan
17:50:21.971 Disk 0 Windows 7 default MBR code
17:50:21.977 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
17:50:21.994 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670402 MB offset 411648
17:50:22.000 Disk 0 Partition - 00 0F Extended LBA 29693 MB offset 1373394944
17:50:22.035 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
17:50:22.064 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29692 MB offset 1373396992
17:50:22.124 Disk 0 scanning C:\windows\system32\drivers
17:50:29.628 Service scanning
17:50:53.198 Modules scanning
17:50:53.217 Disk 0 trace - called modules:
17:50:53.254 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:50:53.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800969c060]
17:50:53.277 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800779e050]
17:50:55.027 AVAST engine scan C:\windows
17:50:59.649 AVAST engine scan C:\windows\system32
17:52:56.077 AVAST engine scan C:\windows\system32\drivers
17:53:04.888 AVAST engine scan C:\Users\Emily
17:56:54.544 AVAST engine scan C:\ProgramData
17:57:26.069 Scan finished successfully
17:58:11.235 Disk 0 MBR has been saved successfully to "C:\Users\Emily\Desktop\MBR.dat"
17:58:11.238 The log file has been saved successfully to "C:\Users\Emily\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 September 2012 - 01:13 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 cassette

cassette
  • Topic Starter
  • Members
  • 18 posts

Posted 27 September 2012 - 03:20 PM

ComboFix 12-09-27.03 - Emily 27/09/2012 20:43:48.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.6127 [GMT 1:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
Command switches used :: c:\users\Emily\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 19:46 . 2012-09-27 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-27 01:00 . 2012-09-27 01:01 -------- d-----w- C:\FRST
2012-09-26 22:27 . 2012-09-18 23:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1DAAAA8-D844-46D8-A22F-BEE6926DC9D4}\mpengine.dll
2012-09-26 22:26 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 17:17 . 2012-09-26 17:17 -------- d-----w- c:\users\Emily\AppData\Roaming\Deep Shadows
2012-09-26 11:12 . 2012-09-26 11:12 128512 ----a-w- c:\windows\SysWow64\WinMonitor.exe
2012-09-25 20:21 . 2012-09-26 16:21 -------- d-----w- c:\program files (x86)\The Chronicles of Emerland Solitaire
2012-09-25 20:09 . 2012-09-25 20:09 -------- d-----w- c:\users\Emily\AppData\Roaming\Rainbow
2012-09-25 11:38 . 2012-09-25 11:39 -------- d-----w- c:\users\Emily\AppData\Roaming\realore_whiterra_adelantado_beta
2012-09-25 11:38 . 2012-09-25 11:38 -------- d-----w- c:\windows\Adelantado
2012-09-25 11:37 . 2012-09-25 11:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-25 11:36 . 2012-09-25 11:37 -------- d-----w- c:\users\Emily\AppData\Roaming\realore_whiterra_adelantado_ru
2012-09-25 11:25 . 2012-09-25 11:28 -------- d-----w- c:\program files (x86)\The Great Unknown - Houdini's Castle CE
2012-09-21 17:00 . 2012-09-21 17:00 -------- d-----w- c:\users\Emily\AppData\Roaming\Top Evidence
2012-09-21 17:00 . 2012-09-21 17:00 -------- d-----w- c:\programdata\Top Evidence
2012-09-19 19:12 . 2012-09-19 19:12 -------- d-----w- c:\windows\SysWow64\2030
2012-09-19 16:01 . 2012-09-19 16:01 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-19 16:01 . 2012-09-19 16:01 -------- d-----w- c:\program files (x86)\Java
2012-09-18 16:30 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-18 16:30 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-18 16:30 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-18 16:30 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-18 16:30 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-18 16:30 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-18 16:30 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-18 12:11 . 2012-09-18 12:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-18 11:51 . 2012-09-18 11:51 -------- d-----w- c:\users\Emily\AppData\Roaming\Inertia Game Studios
2012-09-13 11:57 . 2012-09-18 16:16 -------- d-----w- c:\program files (x86)\Boutique Boulevard
2012-09-12 21:16 . 2012-09-12 21:16 -------- d-----w- c:\users\Emily\AppData\Roaming\OpenOffice.org
2012-09-12 21:14 . 2012-09-20 21:03 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-09-05 19:12 . 2012-09-19 19:12 -------- d-----w- c:\windows\SysWow64\1096
2012-09-03 20:22 . 2012-09-03 20:22 -------- d-----w- c:\users\Emily\AppData\Roaming\BlooBuzz
2012-09-03 20:21 . 2012-09-03 20:21 -------- d-----w- c:\users\Emily\AppData\Roaming\Time Builders - Pyramid Rising 2 Strategy Guide
2012-09-03 20:21 . 2012-09-18 16:16 -------- d-----w- c:\program files (x86)\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-03 20:21 . 2012-09-03 20:21 -------- d-----w- c:\windows\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-02 11:35 . 2012-09-02 11:35 -------- d-----w- c:\users\Emily\AppData\Local\Microsoft Help
2012-09-02 11:35 . 2012-09-02 11:35 -------- d-----w- c:\programdata\Microsoft Help
2012-08-31 11:42 . 2012-08-31 11:42 2295920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 11:41 . 2012-08-31 11:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-28 21:57 . 2012-08-28 21:57 -------- d-----w- c:\users\Emily\AppData\Roaming\Specialbit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 11:37 . 2012-04-22 20:55 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 11:37 . 2012-04-22 20:55 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 11:51 . 2012-07-26 08:26 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 11:51 . 2012-07-26 08:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-19 16:01 . 2012-05-08 22:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-19 16:01 . 2012-05-08 22:06 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-18 16:57 . 2012-04-23 11:31 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-26 08:26 . 2012-07-26 08:26 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-18 18:15 . 2012-08-22 21:13 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-23 10:57 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-22 21:13 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-22 21:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-22 21:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-22 21:13 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 12:46 . 2012-04-30 16:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-15 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
R2 TolbarUpdater;Toolbar Updater;c:\users\Emily\AppData\Local\Temp\ToolbarUpdater.exe [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-03-15 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-03-15 39008]
S1 aswKbd;aswKbd; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-03-15 13408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-03-15 29792]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 74368456
*NewlyCreated* - ASWMBR
*Deregistered* - 74368456
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 15:39]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-15 15:42 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-15 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-03-15 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-15 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-15 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
------- Supplementary Scan -------
.
uStart Page = gamezona.org
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\x58mi82o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.ie
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2685112163-3244535764-819143802-1001\Software\SecuROM\License information*]
"datasecu"=hex:1c,4e,34,c7,3d,eb,ad,f8,d2,51,2b,5b,4c,e8,51,d0,d6,5a,4a,37,38,
83,e9,2f,96,5b,e7,fa,a5,ae,60,18,11,cd,f6,8e,93,f8,c6,4c,4c,1a,09,16,24,61,\
"rkeysecu"=hex:8a,80,10,b7,ac,3e,a7,c5,4c,41,35,92,c0,94,6e,93
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
Hi again,

Followed your instructions and used the .txt file to open Combofix. Combofix updated itself on opening though, so I'm not certain if it ran in the way you wanted? Anyway, below is the log it generated.
Didn't have to restart at any stage and computer seems to be running fine although not exactly sure what I should be checking for?

And again, I really appreciate all your time and help with this.


.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-27 20:48:14
ComboFix-quarantined-files.txt 2012-09-27 19:48
ComboFix2.txt 2012-09-26 22:26
.
Pre-Run: 525,204,271,104 bytes free
Post-Run: 525,033,979,904 bytes free
.
- - End Of File - - DB1808366957CE1F9646B0604F3730EE
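A log like the one above is read line by line, and two details in its service and autorun sections carry most of the signal: the bracket at the end of each line holds the image file's date and size, or `[x]` when ComboFix could not find file details for that image, and the path tells you whether the image lives in a system directory or somewhere any user account can write. The following is an added example, not code from the thread or from ComboFix: a small Python triage helper (hypothetical `triage` function) that parses the `R2 name;display;path [info]` service lines and the `"name"="path" [info]` Run-key lines, and lists entries worth a second look. The sample lines are copied from the log above; the list of user-writable directories is an assumption you would adjust for your own environment. A hit is a review item, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Service/driver lines as ComboFix prints them, e.g.
#   R2 gupdate;Google Update Service (gupdate);c:\...\GoogleUpdate.exe [2012-03-15 136176]
#   S1 aswKbd;aswKbd; [x]
# R/S = running/stopped when the log was taken, digit = service start type.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+'
    r'(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$'
)

# Autorun value lines from the Run keys, e.g.
#   "MobileDocuments"="c:\program files (x86)\...\ubd.exe" [2012-02-23 59240]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')

# Assumption: directories a standard user can write to. A service or autorun that
# launches from one of these is unusual for legitimate software and deserves review.
USER_WRITABLE = (
    '\\appdata\\local\\temp\\',
    '\\appdata\\roaming\\',
    '\\programdata\\',
    '\\windows\\temp\\',
)


@dataclass
class Finding:
    entry: str           # service or autorun value name
    path: str            # image path as printed in the log
    reasons: List[str]   # why the entry was flagged


def _reasons_for(path: str, info: str) -> List[str]:
    """Return the list of review reasons for one parsed entry (empty if none)."""
    reasons = []
    if info.strip().lower() == 'x':
        reasons.append('no file details ([x]): image missing or unreadable')
    if not path.strip():
        reasons.append('empty image path')
    low = path.lower()
    for d in USER_WRITABLE:
        if d in low:
            reasons.append('image in user-writable directory: ' + d.strip('\\'))
            break
    return reasons


def triage(lines) -> List[Finding]:
    """Parse ComboFix service and Run-key lines; return entries that need review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue  # separators, headers and other log sections are skipped
        reasons = _reasons_for(m.group('path'), m.group('info'))
        if reasons:
            findings.append(Finding(m.group('name'), m.group('path').strip(), reasons))
    return findings


# Sample input copied from the log in this thread (plus one "." separator line).
SAMPLE_LINES = [
    '.',
    'R2 gupdate;Google Update Service (gupdate);c:\\program files (x86)\\Google\\Update\\GoogleUpdate.exe [2012-03-15 136176]',
    'R2 TolbarUpdater;Toolbar Updater;c:\\users\\Emily\\AppData\\Local\\Temp\\ToolbarUpdater.exe [x]',
    'S1 aswKbd;aswKbd; [x]',
    'S3 MBAMProtector;MBAMProtector;c:\\windows\\system32\\drivers\\mbam.sys [2012-07-03 24904]',
    '"MobileDocuments"="c:\\program files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe" [2012-02-23 59240]',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.entry}: {f.path or "(no path)"}')
        for r in f.reasons:
            print('    -', r)
```

Run against the sample, the helper flags `TolbarUpdater` twice (image under the user's Temp folder and `[x]`) and `aswKbd` twice (`[x]` and no image path at all), while the Google, Malwarebytes and Apple entries pass. The first is exactly the kind of entry a helper asks about in a thread like this; the second is typically a leftover driver registration from an uninstalled product, which is why the output is a review list rather than a verdict.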

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:01 AM

Posted 28 September 2012 - 02:43 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 cassette

cassette
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:01 PM

Posted 28 September 2012 - 08:39 AM

Hi, I posted this last night, but maybe did something wrong? Anyway, hope I've got it right this time...
Didn't have to restart, had no problems (but then again, I haven't had any obvious problems at all with this computer, despite the virus), and the computer seems to be running fine, although I'm not exactly sure what I should be looking for with this?

Anyway, below is the report from Combofix


ComboFix 12-09-27.03 - Emily 28/09/2012 14:30:23.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.5864 [GMT 1:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
Command switches used :: c:\users\Emily\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 13:33 . 2012-09-28 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-27 01:00 . 2012-09-27 01:01 -------- d-----w- C:\FRST
2012-09-26 22:27 . 2012-09-18 23:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1DAAAA8-D844-46D8-A22F-BEE6926DC9D4}\mpengine.dll
2012-09-26 22:26 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 17:17 . 2012-09-26 17:17 -------- d-----w- c:\users\Emily\AppData\Roaming\Deep Shadows
2012-09-26 11:12 . 2012-09-26 11:12 128512 ----a-w- c:\windows\SysWow64\WinMonitor.exe
2012-09-25 20:21 . 2012-09-26 16:21 -------- d-----w- c:\program files (x86)\The Chronicles of Emerland Solitaire
2012-09-25 20:09 . 2012-09-25 20:09 -------- d-----w- c:\users\Emily\AppData\Roaming\Rainbow
2012-09-25 11:38 . 2012-09-25 11:39 -------- d-----w- c:\users\Emily\AppData\Roaming\realore_whiterra_adelantado_beta
2012-09-25 11:38 . 2012-09-25 11:38 -------- d-----w- c:\windows\Adelantado
2012-09-25 11:37 . 2012-09-25 11:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-25 11:36 . 2012-09-25 11:37 -------- d-----w- c:\users\Emily\AppData\Roaming\realore_whiterra_adelantado_ru
2012-09-25 11:25 . 2012-09-25 11:28 -------- d-----w- c:\program files (x86)\The Great Unknown - Houdini's Castle CE
2012-09-21 17:00 . 2012-09-21 17:00 -------- d-----w- c:\users\Emily\AppData\Roaming\Top Evidence
2012-09-21 17:00 . 2012-09-21 17:00 -------- d-----w- c:\programdata\Top Evidence
2012-09-19 19:12 . 2012-09-19 19:12 -------- d-----w- c:\windows\SysWow64\2030
2012-09-19 16:01 . 2012-09-19 16:01 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-19 16:01 . 2012-09-19 16:01 -------- d-----w- c:\program files (x86)\Java
2012-09-18 16:30 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-18 16:30 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-18 16:30 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-18 16:30 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-18 16:30 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-18 16:30 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-18 16:30 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-18 12:11 . 2012-09-18 12:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-18 11:51 . 2012-09-18 11:51 -------- d-----w- c:\users\Emily\AppData\Roaming\Inertia Game Studios
2012-09-13 11:57 . 2012-09-18 16:16 -------- d-----w- c:\program files (x86)\Boutique Boulevard
2012-09-12 21:16 . 2012-09-12 21:16 -------- d-----w- c:\users\Emily\AppData\Roaming\OpenOffice.org
2012-09-12 21:14 . 2012-09-20 21:03 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-09-05 19:12 . 2012-09-19 19:12 -------- d-----w- c:\windows\SysWow64\1096
2012-09-03 20:22 . 2012-09-03 20:22 -------- d-----w- c:\users\Emily\AppData\Roaming\BlooBuzz
2012-09-03 20:21 . 2012-09-03 20:21 -------- d-----w- c:\users\Emily\AppData\Roaming\Time Builders - Pyramid Rising 2 Strategy Guide
2012-09-03 20:21 . 2012-09-18 16:16 -------- d-----w- c:\program files (x86)\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-03 20:21 . 2012-09-03 20:21 -------- d-----w- c:\windows\The TimeBuilders - Pyramid Rising 2 With Guide
2012-09-02 11:35 . 2012-09-02 11:35 -------- d-----w- c:\users\Emily\AppData\Local\Microsoft Help
2012-09-02 11:35 . 2012-09-02 11:35 -------- d-----w- c:\programdata\Microsoft Help
2012-08-31 11:42 . 2012-08-31 11:42 2295920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 11:41 . 2012-08-31 11:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 11:37 . 2012-04-22 20:55 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 11:37 . 2012-04-22 20:55 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 11:51 . 2012-07-26 08:26 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 11:51 . 2012-07-26 08:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-19 16:01 . 2012-05-08 22:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-19 16:01 . 2012-05-08 22:06 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-18 16:57 . 2012-04-23 11:31 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-26 08:26 . 2012-07-26 08:26 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-18 18:15 . 2012-08-22 21:13 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-23 10:57 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-22 21:13 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-22 21:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-22 21:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-22 21:13 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 12:46 . 2012-04-30 16:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-15 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
R2 TolbarUpdater;Toolbar Updater;c:\users\Emily\AppData\Local\Temp\ToolbarUpdater.exe [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-03-15 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-03-15 39008]
S1 aswKbd;aswKbd; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-03-15 13408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-03-15 29792]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 74368456
*NewlyCreated* - ASWMBR
*Deregistered* - 74368456
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 15:39]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-15 15:42 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-15 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-03-15 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-15 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-15 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
------- Supplementary Scan -------
.
uStart Page = gamezona.org
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\x58mi82o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.ie
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2685112163-3244535764-819143802-1001\Software\SecuROM\License information*]
"datasecu"=hex:1c,4e,34,c7,3d,eb,ad,f8,d2,51,2b,5b,4c,e8,51,d0,d6,5a,4a,37,38,
83,e9,2f,96,5b,e7,fa,a5,ae,60,18,11,cd,f6,8e,93,f8,c6,4c,4c,1a,09,16,24,61,\
"rkeysecu"=hex:8a,80,10,b7,ac,3e,a7,c5,4c,41,35,92,c0,94,6e,93
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-28 14:34:39
ComboFix-quarantined-files.txt 2012-09-28 13:34
ComboFix2.txt 2012-09-27 19:48
ComboFix3.txt 2012-09-26 22:26
.
Pre-Run: 527,824,801,792 bytes free
Post-Run: 527,746,179,072 bytes free
.
- - End Of File - - 570716B29ED6E30CABF38BCA799B3E1E