Combofix continuously reports system32 files infected


This topic is locked
5 replies to this topic

#1 SALADART
Posted 24 July 2013 - 05:36 PM

This is a Windows 7 64-bit system. Trend Micro is installed and keeps reporting hundreds of URL violations from this one PC.

I have run ComboFix from safe mode, and every time I run it, the same files keep being reported as infected. In safe mode, I have run TDSSKiller and AdwCleaner; I have even installed Microsoft Security Essentials and run a full scan. The files that ComboFix reports as infected are not being reported as infected by Trend Micro or Microsoft Security Essentials.

Additionally, I have run RogueKiller and it found registry entries, which I cleaned. I also ran Malwarebytes (in safe mode) and it found some infected files and cleaned them; I re-ran another scan and it found nothing.

The issue seems to be with the files in the system32 directory (ComboFix, of which I downloaded a clean, fresh copy each time I scanned, keeps finding these files as infected), and it is still there, as Trend Micro keeps reporting URL violations on this one computer.

I'll attach log files for your review and analysis.

This is my first time posting here. I have read through many posts, so hopefully I have provided you enough to help me out...

Sean

Here are log file contents:

ComboFix 12-12-10.01 - Administrator 12/12/2012  13:44:50.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3993.2645 [GMT -6:00]
Running from: c:\users\Administrator.PHARMACY2\Downloads\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dtran.MJECH\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-12 to 2012-12-12  )))))))))))))))))))))))))))))))
.
.
2012-12-12 19:48 . 2012-12-12 19:48 -------- d-----w- c:\users\saladart\AppData\Local\temp
2012-12-12 19:48 . 2012-12-12 19:48 -------- d-----w- c:\users\dtran.MJECH\AppData\Local\temp
2012-12-12 19:48 . 2012-12-12 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 19:48 . 2012-12-12 19:48 -------- d-----w- c:\users\dtran\AppData\Local\temp
2012-12-12 19:48 . 2012-12-12 19:48 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-12-12 19:48 . 2012-12-12 19:48 -------- d-----w- c:\users\administrator.MJECH\AppData\Local\temp
2012-12-12 19:42 . 2012-12-12 19:42 8294480 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-12-12 19:29 . 2012-12-12 19:29 -------- d-----w- c:\users\Administrator.PHARMACY2
2012-12-12 17:57 . 2012-12-12 17:57 -------- d-----w- c:\users\administrator.MJECH\AppData\Roaming\Malwarebytes
2012-12-12 17:57 . 2012-12-12 17:57 -------- d-----w- c:\programdata\Malwarebytes
2012-12-12 17:57 . 2012-12-12 19:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-12 17:44 . 2012-12-12 17:44 -------- d-----w- c:\users\administrator.MJECH\AppData\Roaming\Apple Computer
2012-12-12 17:44 . 2012-12-12 17:44 -------- d-----w- c:\users\administrator.MJECH\AppData\Local\LogMeIn
2012-12-12 17:30 . 2012-12-12 19:20 -------- d-----w- c:\users\dtran.MJECH\AppData\Local\LogMeIn Rescue Applet
2012-12-12 15:30 . 2012-12-12 15:30 -------- d-----w- c:\users\dtran.MJECH\AppData\Local\LogMeIn
2012-12-12 15:30 . 2012-12-12 15:30 -------- d-----w- c:\programdata\LogMeIn
2012-12-12 15:29 . 2012-12-12 19:13 -------- d-----w- c:\program files (x86)\LogMeIn
2012-11-15 09:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 09:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 09:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 09:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 00:53 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-27 13:26 . 2012-10-27 13:26 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-27 18:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 18:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 18:49 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-23 13:03 . 2012-09-23 13:03 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-09-21 12:15 . 2012-07-30 14:19 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 12:14 . 2012-07-30 14:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-14 19:19 . 2012-10-10 12:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-09-03 2102320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe [2009-08-03 1049328]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LMIRescue_28f1c583-a8b7-4eec-a29c-16abbb7ff437;LogMeIn Rescue (28f1c583-a8b7-4eec-a29c-16abbb7ff437);c:\users\dtran.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe [2012-12-12 2533800]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-08-15 50736]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 344376]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 42808]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-08-08 918064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 10.200.176.49 10.200.176.47 24.93.41.125 24.93.41.126
TCP: Interfaces\{D53CD2BD-2BE7-44A2-BC54-28A2D10A1D3A}: NameServer = 10.200.176.49,10.200.176.47
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://10.200.176.251/webrec.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2565153305-1694867223-2947172867-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6d,dc,
   92,b4,8d,ee,0d,97,49,c8,e8,45,6c,37,27
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,29,94,
   58,f7,82,4f,0f,80,a3,4f,59,e3,af,e0,8b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,c8,
   07,9f,ba,e9,0c,ba,9d,bd,17,8d,6b,f1,db
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,3b,1b,6b,2b,b6,
   03,2f,8e,38,04,8a,8e,29,46,04,4a,e0,4b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,27,
   8f,30,1e,d5,04,91,c7,16,24,77,4d,2f,de
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cc,6b,
   b1,53,ba,25,06,9d,78,43,05,ef,53,55,08
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b4,e4,
   ab,13,5c,33,07,a5,29,05,f3,01,cb,4e,e7
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,22,d9,
   cd,78,ab,2a,09,87,85,44,9c,2e,7d,8f,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,df,
   c4,77,f6,31,0d,a3,7f,db,65,c0,80,c4,b1
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,02,80,
   eb,92,88,39,0e,86,6f,21,1d,8f,a3,ec,6f
.
[HKEY_USERS\S-1-5-21-2565153305-1694867223-2947172867-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:de,0b,3b,cd,9f,d8,cd,01
.
[HKEY_USERS\S-1-5-21-2565153305-1694867223-2947172867-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,1e,65,d4,e8,e1,6c,4f,96,be,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,1e,65,d4,e8,e1,6c,4f,96,be,9e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\users\dtran.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-12-12  13:58:17 - machine was rebooted
ComboFix-quarantined-files.txt  2012-12-12 19:58
.
Pre-Run: 168,480,550,912 bytes free
Post-Run: 170,292,699,136 bytes free
.
- - End Of File - - BB63C0FB3BEDD5A89FFD005AA7EE75BD

ComboFix 13-05-21.01 - dtran 05/21/2013  12:01:41.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3993.2351 [GMT -5:00]
Running from: c:\users\dtran.MJECH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRMLUEXT\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-21 to 2013-05-21  )))))))))))))))))))))))))))))))
.
.
2013-05-21 17:09 . 2013-05-21 17:09 -------- d-----w- c:\users\VSLACK\AppData\Local\temp
2013-05-21 17:09 . 2013-05-21 17:09 -------- d-----w- c:\users\saladart\AppData\Local\temp
2013-05-21 17:09 . 2013-05-21 17:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-21 17:09 . 2013-05-21 17:09 -------- d-----w- c:\users\dtran\AppData\Local\temp
2013-05-21 17:09 . 2013-05-21 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-21 17:09 . 2013-05-21 17:09 -------- d-----w- c:\users\administrator\AppData\Local\temp
2013-05-21 17:09 . 2013-05-21 17:09 -------- d-----w- c:\users\Administrator.PHARMACY2\AppData\Local\temp
2013-05-21 17:09 . 2013-05-21 17:09 -------- d-----w- c:\users\administrator.MJECH\AppData\Local\temp
2013-05-21 16:57 . 2013-05-21 16:57 -------- d-----w- C:\Downloads
2013-05-15 07:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-09 17:55 . 2013-05-09 17:55 -------- d-----w- C:\Logs
2013-04-25 06:39 . 2013-04-25 06:39 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-24 08:41 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 13:31 . 2012-07-30 16:46 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 08:05 . 2012-12-20 09:02 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-04-13 05:49 . 2013-05-15 07:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 07:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 07:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 07:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 07:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-19 08:02 . 2013-03-19 08:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-19 08:02 . 2013-03-19 08:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-19 08:02 . 2013-03-19 08:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-19 08:02 . 2013-03-19 08:02 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-19 08:02 . 2013-03-19 08:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-19 08:02 . 2013-03-19 08:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-19 08:02 . 2013-03-19 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-19 08:02 . 2013-03-19 08:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-19 08:02 . 2013-03-19 08:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-19 08:02 . 2013-03-19 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-19 08:02 . 2013-03-19 08:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-19 08:02 . 2013-03-19 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-19 08:02 . 2013-03-19 08:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-19 08:02 . 2013-03-19 08:02 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-19 08:02 . 2013-03-19 08:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-19 08:02 . 2013-03-19 08:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-19 08:02 . 2013-03-19 08:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-19 08:02 . 2013-03-19 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-19 08:02 . 2013-03-19 08:02 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-19 08:02 . 2013-03-19 08:02 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-19 08:02 . 2013-03-19 08:02 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-19 08:02 . 2013-03-19 08:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-19 08:02 . 2013-03-19 08:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-19 08:02 . 2013-03-19 08:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-19 08:02 . 2013-03-19 08:02 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-19 08:02 . 2013-03-19 08:02 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-19 08:02 . 2013-03-19 08:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-19 08:02 . 2013-03-19 08:02 441856 ----a-w- c:\windows\system32\html.iec
2013-03-19 08:02 . 2013-03-19 08:02 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-19 08:02 . 2013-03-19 08:02 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-19 08:02 . 2013-03-19 08:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-19 08:02 . 2013-03-19 08:02 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-19 08:02 . 2013-03-19 08:02 235008 ----a-w- c:\windows\system32\url.dll
2013-03-19 08:02 . 2013-03-19 08:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-19 08:02 . 2013-03-19 08:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-19 08:02 . 2013-03-19 08:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-19 08:02 . 2013-03-19 08:02 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-19 08:02 . 2013-03-19 08:02 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-19 08:02 . 2013-03-19 08:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-19 08:02 . 2013-03-19 08:02 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-19 08:02 . 2013-03-19 08:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-19 08:02 . 2013-03-19 08:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-19 08:02 . 2013-03-19 08:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-19 08:02 . 2013-03-19 08:02 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-19 08:02 . 2013-03-19 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-19 08:02 . 2013-03-19 08:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-19 08:02 . 2013-03-19 08:02 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-19 08:02 . 2013-03-19 08:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-19 08:02 . 2013-03-19 08:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-03-19 2112536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-03-10 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe [2009-08-03 1049328]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-01-11 50208]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 344376]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 42808]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [1601-01-01 0]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-08-09 918064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 23:00]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 23:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.200.176.49 10.200.176.47 24.93.41.125 24.93.41.126
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://10.200.176.251/webrec.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-21  12:30:12
ComboFix-quarantined-files.txt  2013-05-21 17:30
ComboFix2.txt  2012-12-12 19:58
.
Pre-Run: 156,914,937,856 bytes free
Post-Run: 158,766,874,624 bytes free
.
- - End Of File - - E04A0F35DC63D39B45EC10E5A325208B
ComboFix 13-07-24.02 - Administrator 07/24/2013   8:40.3.4 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3993.3249 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ccdbbegf28.nls
c:\users\dtran.MJECH\Documents\~WRL0001.tmp
.
Infected copy of c:\windows\SysWow64\svchost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!SysWOW64!svchost.exe
.
Infected copy of c:\windows\bfsvc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!bfsvc.exe
.
Infected copy of c:\windows\fveupdate.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!fveupdate.exe
.
Infected copy of c:\windows\hh.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!hh.exe
.
Infected copy of c:\windows\notepad.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!notepad.exe
.
c:\windows\regedit.exe . . . is infected!!
.
Infected copy of c:\windows\splwow64.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-p..ng-spooler-splwow64_31bf3856ad364e35_6.1.7601.21921_none_264c291cc1bf9e4f\splwow64.exe
.
Infected copy of c:\windows\ehome\ehmsas.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!ehmsas.exe
.
Infected copy of c:\windows\ehome\ehrec.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!ehrec.exe
.
Infected copy of c:\windows\ehome\ehsched.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!ehsched.exe
.
Infected copy of c:\windows\ehome\ehshell.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!ehshell.exe
.
Infected copy of c:\windows\ehome\ehtray.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!ehtray.exe
.
Infected copy of c:\windows\ehome\ehvid.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!ehvid.exe
.
Infected copy of c:\windows\ehome\mcGlidHost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!mcGlidHost.exe
.
Infected copy of c:\windows\ehome\McrMgr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!McrMgr.exe
.
Infected copy of c:\windows\ehome\mcspad.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!mcspad.exe
.
Infected copy of c:\windows\ehome\mcupdate.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!mcupdate.exe
.
Infected copy of c:\windows\ehome\Mcx2Prov.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!Mcx2Prov.exe
.
Infected copy of c:\windows\ehome\McxTask.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!McxTask.exe
.
Infected copy of c:\windows\ehome\WTVConverter.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!ehome!WTVConverter.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!NETFXSBS10.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!AppLaunch.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!aspnet_regiis.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!csc.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!cvtres.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!dw20.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!ilasm.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!mscorsvw.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!ngen.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v2.0.50727!vbc.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v3.0!Windows Communication Foundation!infocard.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v3.0!Windows Communication Foundation!SMConfigInstaller.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework!v3.5!WFServicesReg.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework64!v2.0.50727!aspnet_state.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!Microsoft.NET!Framework64!v2.0.50727!Ldr64.exe
.
Infected copy of c:\windows\System32\AdapterTroubleshooter.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!AdapterTroubleshooter.exe
.
Infected copy of c:\windows\System32\ARP.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ARP.EXE
.
Infected copy of c:\windows\System32\at.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!at.exe
.
Infected copy of c:\windows\System32\AtBroker.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!AtBroker.exe
.
Infected copy of c:\windows\System32\attrib.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!attrib.exe
.
Infected copy of c:\windows\System32\auditpol.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!auditpol.exe
.
Infected copy of c:\windows\System32\bitsadmin.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!bitsadmin.exe
.
Infected copy of c:\windows\System32\bootcfg.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_680b6eb133f91b1b\bootcfg.exe
.
Infected copy of c:\windows\System32\bthudtask.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!bthudtask.exe
.
Infected copy of c:\windows\System32\cacls.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cacls.exe
.
Infected copy of c:\windows\System32\calc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!calc.exe
.
Infected copy of c:\windows\System32\CertEnrollCtrl.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!CertEnrollCtrl.exe
.
Infected copy of c:\windows\System32\certreq.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!certreq.exe
.
Infected copy of c:\windows\System32\certutil.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7601.22322_none_1427bd2d6323c846\certutil.exe
.
Infected copy of c:\windows\System32\charmap.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!charmap.exe
.
Infected copy of c:\windows\System32\chkdsk.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-chkdsk_31bf3856ad364e35_6.1.7600.16385_none_1ddb4b87a6618437\chkdsk.exe
.
Infected copy of c:\windows\System32\chkntfs.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!chkntfs.exe
.
Infected copy of c:\windows\System32\choice.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!choice.exe
.
Infected copy of c:\windows\System32\cipher.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cipher.exe
.
Infected copy of c:\windows\System32\cleanmgr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cleanmgr.exe
.
Infected copy of c:\windows\System32\cliconfg.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cliconfg.exe
.
Infected copy of c:\windows\System32\clip.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!clip.exe
.
Infected copy of c:\windows\System32\cmd.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cmd.exe
.
Infected copy of c:\windows\System32\cmdkey.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cmdkey.exe
.
Infected copy of c:\windows\System32\cmdl32.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cmdl32.exe
.
Infected copy of c:\windows\System32\cmmon32.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cmmon32.exe
.
Infected copy of c:\windows\System32\cmstp.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cmstp.exe
.
Infected copy of c:\windows\System32\colorcpl.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!colorcpl.exe
.
Infected copy of c:\windows\System32\comp.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!comp.exe
.
Infected copy of c:\windows\System32\compact.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!compact.exe
.
Infected copy of c:\windows\System32\ComputerDefaults.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ComputerDefaults.exe
.
Infected copy of c:\windows\System32\control.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!control.exe
.
Infected copy of c:\windows\System32\convert.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\convert.exe
.
Infected copy of c:\windows\System32\credwiz.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!credwiz.exe
.
Infected copy of c:\windows\System32\cscript.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cscript.exe
.
Infected copy of c:\windows\System32\ctfmon.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ctfmon.exe
.
Infected copy of c:\windows\System32\cttune.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-cttune_31bf3856ad364e35_6.1.7600.16385_none_0f797e18d8361ef2\cttune.exe
.
Infected copy of c:\windows\System32\cttunesvr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!cttunesvr.exe
.
Infected copy of c:\windows\System32\dccw.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dccw.exe
.
Infected copy of c:\windows\System32\dcomcnfg.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dcomcnfg.exe
.
Infected copy of c:\windows\System32\ddodiag.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ddodiag.exe
.
Infected copy of c:\windows\System32\DevicePairingWizard.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!DevicePairingWizard.exe
.
Infected copy of c:\windows\System32\DeviceProperties.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!DeviceProperties.exe
.
Infected copy of c:\windows\System32\dfrgui.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dfrgui.exe
.
Infected copy of c:\windows\System32\dialer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dialer.exe
.
Infected copy of c:\windows\System32\diantz.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!diantz.exe
.
Infected copy of c:\windows\System32\diskpart.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!diskpart.exe
.
Infected copy of c:\windows\System32\diskperf.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!diskperf.exe
.
Infected copy of c:\windows\System32\diskraid.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!diskraid.exe
.
Infected copy of c:\windows\System32\Dism.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!Dism.exe
.
Infected copy of c:\windows\System32\DisplaySwitch.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!DisplaySwitch.exe
.
Infected copy of c:\windows\System32\dllhost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dllhost.exe
.
Infected copy of c:\windows\System32\dllhst3g.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dllhst3g.exe
.
Infected copy of c:\windows\System32\dnscacheugc.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnscacheugc.exe
.
Infected copy of c:\windows\System32\doskey.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!doskey.exe
.
Infected copy of c:\windows\System32\dpapimig.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dpapimig.exe
.
Infected copy of c:\windows\System32\DpiScaling.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!DpiScaling.exe
.
Infected copy of c:\windows\System32\dpnsvr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dpnsvr.exe
.
Infected copy of c:\windows\System32\driverquery.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!driverquery.exe
.
Infected copy of c:\windows\System32\dvdplay.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dvdplay.exe
.
Infected copy of c:\windows\System32\dvdupgrd.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dvdupgrd.exe
.
Infected copy of c:\windows\System32\DWWIN.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!DWWIN.EXE
.
Infected copy of c:\windows\System32\dxdiag.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!dxdiag.exe
.
Infected copy of c:\windows\System32\efsui.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!efsui.exe
.
Infected copy of c:\windows\System32\EhStorAuthn.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!EhStorAuthn.exe
.
Infected copy of c:\windows\System32\esentutl.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!esentutl.exe
.
Infected copy of c:\windows\System32\eudcedit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!eudcedit.exe
.
Infected copy of c:\windows\System32\eventcreate.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!eventcreate.exe
.
Infected copy of c:\windows\System32\eventvwr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!eventvwr.exe
.
Infected copy of c:\windows\System32\expand.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!expand.exe
.
Infected copy of c:\windows\System32\extrac32.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!extrac32.exe
.
Infected copy of c:\windows\System32\fc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!fc.exe
.
Infected copy of c:\windows\System32\find.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!find.exe
.
Infected copy of c:\windows\System32\findstr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!findstr.exe
.
Infected copy of c:\windows\System32\finger.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!finger.exe
.
Infected copy of c:\windows\System32\fixmapi.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!fixmapi.exe
.
Infected copy of c:\windows\System32\fltMC.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!fltMC.exe
.
Infected copy of c:\windows\System32\fontview.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!fontview.exe
.
Infected copy of c:\windows\System32\forfiles.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!forfiles.exe
.
Infected copy of c:\windows\System32\fsutil.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7601.21680_none_2ac406171fe62477\fsutil.exe
.
Infected copy of c:\windows\System32\ftp.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ftp.exe
.
Infected copy of c:\windows\System32\getmac.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!getmac.exe
.
Infected copy of c:\windows\System32\gpscript.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!gpscript.exe
.
Infected copy of c:\windows\System32\gpupdate.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!gpupdate.exe
.
Infected copy of c:\windows\System32\grpconv.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!grpconv.exe
.
Infected copy of c:\windows\System32\hdwwiz.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!hdwwiz.exe
.
Infected copy of c:\windows\System32\help.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!help.exe
.
Infected copy of c:\windows\System32\HOSTNAME.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!HOSTNAME.EXE
.
Infected copy of c:\windows\System32\icacls.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!icacls.exe
.
Infected copy of c:\windows\System32\icardagt.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!icardagt.exe
.
Infected copy of c:\windows\System32\icsunattend.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!icsunattend.exe
.
Infected copy of c:\windows\System32\ieUnatt.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.20580_none_a447fb4405f1718d\ieUnatt.exe
.
Infected copy of c:\windows\System32\iexpress.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_9.4.8112.16421_none_d91a1b231155b48b\iexpress.exe
.
Infected copy of c:\windows\System32\InfDefaultInstall.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!InfDefaultInstall.exe
.
Infected copy of c:\windows\System32\ipconfig.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ipconfig.exe
.
Infected copy of c:\windows\System32\iscsicli.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!iscsicli.exe
.
Infected copy of c:\windows\System32\iscsicpl.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!iscsicpl.exe
.
Infected copy of c:\windows\System32\isoburn.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!isoburn.exe
.
Infected copy of c:\windows\System32\ktmutil.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ktmutil.exe
.
Infected copy of c:\windows\System32\label.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!label.exe
.
Infected copy of c:\windows\System32\LocationNotifications.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!LocationNotifications.exe
.
Infected copy of c:\windows\System32\lodctr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!lodctr.exe
.
Infected copy of c:\windows\System32\logagent.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!logagent.exe
.
Infected copy of c:\windows\System32\logman.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!logman.exe
.
Infected copy of c:\windows\System32\Magnify.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!Magnify.exe
.
Infected copy of c:\windows\System32\makecab.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!makecab.exe
.
Infected copy of c:\windows\System32\mcbuilder.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!mcbuilder.exe
.
Infected copy of c:\windows\System32\mfpmp.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!mfpmp.exe
.
Infected copy of c:\windows\System32\MigAutoPlay.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!MigAutoPlay.exe
.
Infected copy of c:\windows\System32\mmc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!mmc.exe
.
Infected copy of c:\windows\System32\mobsync.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!mobsync.exe
.
Infected copy of c:\windows\System32\mountvol.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!mountvol.exe
.
Infected copy of c:\windows\System32\MRINFO.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!MRINFO.EXE
.
Infected copy of c:\windows\System32\msdt.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!msdt.exe
.
Infected copy of c:\windows\System32\msfeedssync.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_9.4.8112.16421_none_70ec2d4bad65c670\msfeedssync.exe
.
Infected copy of c:\windows\System32\mshta.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_9.4.8112.16421_none_cdf82d82dc01518b\mshta.exe
.
Infected copy of c:\windows\System32\msiexec.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!msiexec.exe
.
Infected copy of c:\windows\System32\msinfo32.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c46104dd379\msinfo32.exe
.
Infected copy of c:\windows\System32\msra.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!msra.exe
.
Infected copy of c:\windows\System32\mstsc.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22252_none_ac5e912b50f71c24\mstsc.exe
.
Infected copy of c:\windows\System32\mtstocom.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!mtstocom.exe
.
Infected copy of c:\windows\System32\MuiUnattend.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!MuiUnattend.exe
.
Infected copy of c:\windows\System32\NAPSTAT.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!NAPSTAT.EXE
.
Infected copy of c:\windows\System32\ndadmin.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ndadmin.exe
.
Infected copy of c:\windows\System32\net.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!net.exe
.
Infected copy of c:\windows\System32\net1.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!net1.exe
.
Infected copy of c:\windows\System32\netbtugc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!netbtugc.exe
.
Infected copy of c:\windows\System32\netiougc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!netiougc.exe
.
Infected copy of c:\windows\System32\Netplwiz.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!Netplwiz.exe
.
Infected copy of c:\windows\System32\netsh.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!netsh.exe
.
Infected copy of c:\windows\System32\NETSTAT.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!NETSTAT.EXE
.
Infected copy of c:\windows\System32\newdev.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!newdev.exe
.
Infected copy of c:\windows\System32\nslookup.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!nslookup.exe
.
Infected copy of c:\windows\System32\ntprint.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_4e297fab940bc0e5\ntprint.exe
.
Infected copy of c:\windows\System32\ocsetup.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ocsetup.exe
.
Infected copy of c:\windows\System32\odbcad32.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!odbcad32.exe
.
Infected copy of c:\windows\System32\odbcconf.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!odbcconf.exe
.
Infected copy of c:\windows\System32\openfiles.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa\openfiles.exe
.
Infected copy of c:\windows\System32\OptionalFeatures.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!OptionalFeatures.exe
.
Infected copy of c:\windows\System32\osk.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!osk.exe
.
Infected copy of c:\windows\System32\PATHPING.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!PATHPING.EXE
.
Infected copy of c:\windows\System32\pcaui.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!pcaui.exe
.
Infected copy of c:\windows\System32\perfmon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe
.
c:\windows\System32\PING.EXE . . . is infected!!
.
Infected copy of c:\windows\System32\PkgMgr.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe
.
Infected copy of c:\windows\System32\powercfg.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!powercfg.exe
.
Infected copy of c:\windows\System32\PresentationHost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_wpf-presentationhostexe_31bf3856ad364e35_6.2.7600.16513_none_9461a4e8d863420a\PresentationHost.exe
.
Infected copy of c:\windows\System32\prevhost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.21663_none_a1b5f77730c54248\prevhost.exe
.
Infected copy of c:\windows\System32\print.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!print.exe
.
Infected copy of c:\windows\System32\printui.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!printui.exe
.
Infected copy of c:\windows\System32\proquota.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!proquota.exe
.
Infected copy of c:\windows\System32\PushPrinterConnections.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!PushPrinterConnections.exe
.
Infected copy of c:\windows\System32\rasautou.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!rasautou.exe
.
Infected copy of c:\windows\System32\rasdial.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!rasdial.exe
.
Infected copy of c:\windows\System32\raserver.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!raserver.exe
.
Infected copy of c:\windows\System32\rasphone.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!rasphone.exe
.
Infected copy of c:\windows\System32\rdrleakdiag.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!rdrleakdiag.exe
.
Infected copy of c:\windows\System32\ReAgentc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ReAgentc.exe
.
Infected copy of c:\windows\System32\recover.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!recover.exe
.
c:\windows\System32\reg.exe . . . is infected!!
.
Infected copy of c:\windows\System32\regedt32.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!regedt32.exe
.
Infected copy of c:\windows\System32\regini.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!regini.exe
.
Infected copy of c:\windows\System32\RegisterIEPKEYs.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_10.2.9200.20742_none_8ee11309adf8dc48\RegisterIEPKEYs.exe
.
Infected copy of c:\windows\System32\regsvr32.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!regsvr32.exe
.
Infected copy of c:\windows\System32\relog.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!relog.exe
.
Infected copy of c:\windows\System32\replace.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!replace.exe
.
Infected copy of c:\windows\System32\resmon.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!resmon.exe
.
Infected copy of c:\windows\System32\RMActivate.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!RMActivate.exe
.
Infected copy of c:\windows\System32\RMActivate_isv.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!RMActivate_isv.exe
.
Infected copy of c:\windows\System32\RMActivate_ssp.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!RMActivate_ssp.exe
.
Infected copy of c:\windows\System32\RMActivate_ssp_isv.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!RMActivate_ssp_isv.exe
.
Infected copy of c:\windows\System32\RmClient.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!RmClient.exe
.
Infected copy of c:\windows\System32\Robocopy.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!Robocopy.exe
.
Infected copy of c:\windows\System32\ROUTE.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!ROUTE.EXE
.
Infected copy of c:\windows\System32\RpcPing.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!RpcPing.exe
.
Infected copy of c:\windows\System32\rrinstaller.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!rrinstaller.exe
.
Infected copy of c:\windows\System32\runas.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!runas.exe
.
Infected copy of c:\windows\System32\rundll32.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!rundll32.exe
.
Infected copy of c:\windows\System32\RunLegacyCPLElevated.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!RunLegacyCPLElevated.exe
.
Infected copy of c:\windows\System32\runonce.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!runonce.exe
.
Infected copy of c:\windows\System32\sbunattend.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!sbunattend.exe
.
c:\windows\System32\sc.exe . . . is infected!!
.
Infected copy of c:\windows\System32\schtasks.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!schtasks.exe
.
Infected copy of c:\windows\System32\sdbinst.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!sdbinst.exe
.
Infected copy of c:\windows\System32\sdchange.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!sdchange.exe
.
Infected copy of c:\windows\System32\sdiagnhost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!sdiagnhost.exe
.
Infected copy of c:\windows\System32\SearchFilterHost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchFilterHost.exe
.
Infected copy of c:\windows\System32\SearchIndexer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchIndexer.exe
.
Infected copy of c:\windows\System32\SearchProtocolHost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.21720_none_d1faf5c44b3e4dfd\SearchProtocolHost.exe
.
Infected copy of c:\windows\System32\SecEdit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SecEdit.exe
.
Infected copy of c:\windows\System32\secinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!secinit.exe
.
Infected copy of c:\windows\System32\sethc.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-sethc_31bf3856ad364e35_6.1.7601.17514_none_c0e644688bbad892\sethc.exe
.
Infected copy of c:\windows\System32\SetIEInstalledDate.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_9.4.8112.16421_none_7d153fec93ad1dcf\SetIEInstalledDate.exe
.
Infected copy of c:\windows\System32\setupugc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!setupugc.exe
.
Infected copy of c:\windows\System32\setx.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-setx_31bf3856ad364e35_6.1.7600.16385_none_086bc77632c16995\setx.exe
.
Infected copy of c:\windows\System32\sfc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!sfc.exe
.
Infected copy of c:\windows\System32\shrpubw.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!shrpubw.exe
.
Infected copy of c:\windows\System32\shutdown.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!shutdown.exe
.
Infected copy of c:\windows\System32\SndVol.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SndVol.exe
.
Infected copy of c:\windows\System32\sort.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!sort.exe
.
Infected copy of c:\windows\System32\subst.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!subst.exe
.
Infected copy of c:\windows\System32\sxstrace.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!sxstrace.exe
.
Infected copy of c:\windows\System32\SyncHost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SyncHost.exe
.
Infected copy of c:\windows\System32\syskey.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!syskey.exe
.
Infected copy of c:\windows\System32\systeminfo.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-sysinfo_31bf3856ad364e35_6.1.7600.16385_none_4b49a2c2123fd42c\systeminfo.exe
.
Infected copy of c:\windows\System32\SystemPropertiesAdvanced.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SystemPropertiesAdvanced.exe
.
Infected copy of c:\windows\System32\SystemPropertiesComputerName.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SystemPropertiesComputerName.exe
.
Infected copy of c:\windows\System32\SystemPropertiesDataExecutionPrevention.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SystemPropertiesDataExecutionPrevention.exe
.
Infected copy of c:\windows\System32\SystemPropertiesHardware.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SystemPropertiesHardware.exe
.
Infected copy of c:\windows\System32\SystemPropertiesPerformance.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SystemPropertiesPerformance.exe
.
Infected copy of c:\windows\System32\SystemPropertiesProtection.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SystemPropertiesProtection.exe
.
Infected copy of c:\windows\System32\SystemPropertiesRemote.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!SystemPropertiesRemote.exe
.
Infected copy of c:\windows\System32\systray.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!systray.exe
.
Infected copy of c:\windows\System32\takeown.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!takeown.exe
.
Infected copy of c:\windows\System32\TapiUnattend.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!TapiUnattend.exe
.
Infected copy of c:\windows\System32\taskeng.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!taskeng.exe
.
Infected copy of c:\windows\System32\taskmgr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!taskmgr.exe
.
Infected copy of c:\windows\System32\tcmsetup.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!tcmsetup.exe
.
Infected copy of c:\windows\System32\TCPSVCS.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!TCPSVCS.EXE
.
Infected copy of c:\windows\System32\timeout.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!timeout.exe
.
Infected copy of c:\windows\System32\TpmInit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!TpmInit.exe
.
Infected copy of c:\windows\System32\tracerpt.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\tracerpt.exe
.
Infected copy of c:\windows\System32\TRACERT.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!TRACERT.EXE
.
Infected copy of c:\windows\System32\TSTheme.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!TSTheme.exe
.
Infected copy of c:\windows\System32\typeperf.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!typeperf.exe
.
Infected copy of c:\windows\System32\tzutil.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!tzutil.exe
.
Infected copy of c:\windows\System32\unlodctr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!unlodctr.exe
.
Infected copy of c:\windows\System32\unregmp2.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!unregmp2.exe
.
Infected copy of c:\windows\System32\upnpcont.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!upnpcont.exe
.
Infected copy of c:\windows\System32\UserAccountControlSettings.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!UserAccountControlSettings.exe
.
Infected copy of c:\windows\System32\com\comrepl.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!com!comrepl.exe
.
Infected copy of c:\windows\System32\com\MigRegDB.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!com!MigRegDB.exe
.
Infected copy of c:\windows\System32\Dism\DismHost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!Dism!DismHost.exe
.
Infected copy of c:\windows\System32\IME\IMEJP10\IMJPDADM.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMEJP10!IMJPDADM.EXE
.
Infected copy of c:\windows\System32\IME\IMEJP10\IMJPDCT.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMEJP10!IMJPDCT.EXE
.
Infected copy of c:\windows\System32\IME\IMEJP10\IMJPDSVR.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMEJP10!IMJPDSVR.EXE
.
Infected copy of c:\windows\System32\IME\IMEJP10\IMJPMGR.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMEJP10!IMJPMGR.EXE
.
Infected copy of c:\windows\System32\IME\IMEJP10\imjppdmg.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMEJP10!imjppdmg.exe
.
Infected copy of c:\windows\System32\IME\IMEJP10\IMJPUEX.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMEJP10!IMJPUEX.EXE
.
Infected copy of c:\windows\System32\IME\IMEJP10\imjpuexc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMEJP10!imjpuexc.exe
.
Infected copy of c:\windows\System32\IME\IMESC5\IMSCPROP.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMESC5!IMSCPROP.exe
.
Infected copy of c:\windows\System32\IME\IMETC10\IMTCPROP.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!IMETC10!IMTCPROP.exe
.
Infected copy of c:\windows\System32\IME\shared\IMCCPHR.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!shared!IMCCPHR.exe
.
Infected copy of c:\windows\System32\IME\shared\IMEPADSV.EXE was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!IME!shared!IMEPADSV.EXE
.
Infected copy of c:\windows\System32\migwiz\mighost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!migwiz!mighost.exe
.
Infected copy of c:\windows\System32\migwiz\MigSetup.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!migwiz!MigSetup.exe
.
Infected copy of c:\windows\System32\migwiz\migwiz.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!migwiz!migwiz.exe
.
Infected copy of c:\windows\System32\migwiz\PostMig.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\PostMig.exe
.
Infected copy of c:\windows\SysWOW64\dplaysvr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!SysWOW64!dplaysvr.exe
.
Infected copy of c:\windows\SysWOW64\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
.
Infected copy of c:\windows\SysWOW64\instnm.exe was found and disinfected
Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22209_none_d139c7943b60a596\instnm.exe
.
c:\windows\SysWOW64\PING.EXE . . . is infected!!
.
c:\windows\SysWOW64\reg.exe . . . is infected!!
.
Infected copy of c:\windows\SysWOW64\regedit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!SysWOW64!regedit.exe
.
c:\windows\SysWOW64\sc.exe . . . is infected!!
.
Infected copy of c:\windows\SysWOW64\setup16.exe was found and disinfected
Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22209_none_d139c7943b60a596\setup16.exe
.
Infected copy of c:\windows\SysWOW64\setupSNK.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!SysWOW64!setupSNK.exe
.
Infected copy of c:\windows\SysWOW64\InstallShield\setup.exe was found and disinfected
Restored copy from - c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\SETUP.EXE
.
Infected copy of c:\windows\SysWOW64\InstallShield\_isdel.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!SysWOW64!InstallShield!_isdel.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 14:17 . 2013-07-24 14:17 -------- d-----w- c:\users\VSLACK\AppData\Local\temp
2013-07-24 14:17 . 2013-07-24 14:17 -------- d-----w- c:\users\saladart\AppData\Local\temp
2013-07-24 14:17 . 2013-07-24 14:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-24 14:17 . 2013-07-24 14:17 -------- d-----w- c:\users\dtran\AppData\Local\temp
2013-07-24 14:17 . 2013-07-24 14:17 -------- d-----w- c:\users\dtran.MJECH\AppData\Local\temp
2013-07-24 14:17 . 2013-07-24 14:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-24 14:17 . 2013-07-24 14:17 -------- d-----w- c:\users\administrator\AppData\Local\temp
2013-07-24 14:17 . 2013-07-24 14:17 -------- d-----w- c:\users\Administrator.PHARMACY2\AppData\Local\temp
2013-07-24 13:34 . 2013-07-24 13:34 -------- d-----w- c:\users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet
2013-07-24 03:38 . 2013-07-24 03:38 -------- d-----w- c:\users\administrator.MJECH\AppData\Roaming\SUPERAntiSpyware.com
2013-07-24 03:38 . 2013-07-24 03:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-24 03:38 . 2013-07-24 03:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-24 03:28 . 2013-07-24 03:35 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-24 01:14 . 2013-07-24 01:14 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{128521BE-3305-44F0-968B-628515331AF9}\offreg.dll
2013-07-24 01:06 . 2013-07-24 01:06 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0F65358-9E2F-4271-8BAE-A54AF58CCF76}\gapaengine.dll
2013-07-24 01:06 . 2013-07-02 06:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{128521BE-3305-44F0-968B-628515331AF9}\mpengine.dll
2013-07-24 01:04 . 2013-07-24 01:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-07-24 01:03 . 2013-07-24 01:04 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-24 00:57 . 2013-07-24 00:57 -------- d-----w- c:\users\administrator.MJECH\AppData\Local\Google
2013-07-24 00:55 . 2013-07-24 00:55 -------- d-----w- c:\windows\system32\appmgmt
2013-07-24 00:42 . 2013-07-24 00:42 -------- d-----w- c:\users\administrator.MJECH\AppData\Roaming\Roxio Burn
2013-07-16 14:28 . 2013-07-24 03:13 -------- d-----w- c:\program files\Google
2013-07-16 08:04 . 2013-07-16 08:06 -------- d-----w- c:\windows\system32\MRT
2013-07-10 01:09 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 01:08 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 01:08 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 00:18 . 2010-11-21 03:25 1504256 ----a-w- c:\windows\system32\wbengine.exe
2013-07-14 00:18 . 2010-11-21 03:23 1600512 ----a-w- c:\windows\system32\VSSVC.exe
2013-07-14 00:18 . 2010-11-21 03:23 533504 ----a-w- c:\windows\system32\vds.exe
2013-07-14 00:18 . 2009-07-13 23:47 203264 ----a-w- c:\windows\system32\wbem\WmiApSrv.exe
2013-07-14 00:18 . 2010-11-21 03:25 689152 ----a-w- c:\windows\system32\FXSSVC.exe
2013-07-14 00:18 . 2010-11-21 03:23 3524608 ----a-w- c:\windows\system32\sppsvc.exe
2013-07-14 00:18 . 2009-07-14 00:10 14336 ----a-w- c:\windows\system32\snmptrap.exe
2013-07-14 00:18 . 2009-07-13 23:59 141824 ----a-w- c:\windows\system32\msdtc.exe
2013-07-14 00:18 . 2009-07-13 23:52 40960 ----a-w- c:\windows\system32\UI0Detect.exe
2013-07-14 00:18 . 2009-07-14 00:08 79360 ----a-w- c:\windows\system32\alg.exe
2013-07-14 00:18 . 2009-07-13 23:40 192512 ----a-w- c:\windows\SysWow64\UserAccountControlSettings.exe
2013-07-14 00:18 . 2009-07-14 00:09 278528 ----a-w- c:\windows\SysWow64\unregmp2.exe
2013-07-14 00:18 . 2009-07-13 23:55 23552 ----a-w- c:\windows\SysWow64\upnpcont.exe
2013-07-14 00:18 . 2010-11-21 03:24 34304 ----a-w- c:\windows\SysWow64\unlodctr.exe
2013-07-14 00:18 . 2010-11-21 03:24 47616 ----a-w- c:\windows\SysWow64\tzutil.exe
2013-07-14 00:18 . 2009-07-13 23:19 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2013-07-14 00:18 . 2009-07-14 00:02 38912 ----a-w- c:\windows\SysWow64\TSTheme.exe
2013-07-14 00:18 . 2009-07-13 23:55 12288 ----a-w- c:\windows\SysWow64\TRACERT.EXE
2013-07-14 00:18 . 2009-07-13 23:20 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2013-07-14 00:18 . 2009-07-13 23:15 27136 ----a-w- c:\windows\SysWow64\timeout.exe
2013-07-14 00:18 . 2009-07-13 23:12 94720 ----a-w- c:\windows\SysWow64\TpmInit.exe
2013-07-14 00:18 . 2009-07-13 23:55 9216 ----a-w- c:\windows\SysWow64\TCPSVCS.EXE
2013-07-14 00:18 . 2009-07-14 00:19 13824 ----a-w- c:\windows\SysWow64\tcmsetup.exe
2013-07-14 00:16 . 2010-11-21 03:23 227328 ----a-w- c:\windows\SysWow64\taskmgr.exe
2013-07-14 00:16 . 2009-07-14 00:13 108544 ----a-w- c:\windows\system32\tasklist.exe
2013-07-14 00:16 . 2010-11-21 03:23 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2013-07-14 00:16 . 2009-07-14 00:13 112640 ----a-w- c:\windows\system32\taskkill.exe
2013-07-14 00:16 . 2010-11-21 03:24 51200 ----a-w- c:\windows\SysWow64\takeown.exe
2013-07-14 00:16 . 2009-07-14 00:19 11264 ----a-w- c:\windows\SysWow64\TapiUnattend.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesRemote.exe
2013-07-14 00:16 . 2009-07-13 23:40 8192 ----a-w- c:\windows\SysWow64\systray.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesProtection.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesPerformance.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesHardware.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesDataExecutionPrevention.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesComputerName.exe
2013-07-14 00:16 . 2009-07-13 23:57 75776 ----a-w- c:\windows\SysWow64\systeminfo.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesAdvanced.exe
2013-07-14 00:16 . 2009-07-13 23:34 28672 ----a-w- c:\windows\SysWow64\syskey.exe
2013-07-14 00:16 . 2009-07-14 00:07 38912 ----a-w- c:\windows\SysWow64\SyncHost.exe
2013-07-14 00:16 . 2009-07-13 23:16 27136 ----a-w- c:\windows\SysWow64\sxstrace.exe
2013-07-14 00:16 . 2010-11-21 03:25 293888 ----a-w- c:\windows\SysWow64\ssText3d.scr
2013-07-14 00:16 . 2010-11-21 03:24 333824 ----a-w- c:\windows\system32\ssText3d.scr
2013-07-14 00:16 . 2009-07-13 23:15 13824 ----a-w- c:\windows\SysWow64\subst.exe
2013-07-14 00:13 . 2009-07-13 23:15 19968 ----a-w- c:\windows\SysWow64\sort.exe
2013-07-14 00:13 . 2010-11-21 03:24 314368 ----a-w- c:\windows\SysWow64\SndVol.exe
2013-07-14 00:12 . 2009-07-13 23:34 30720 ----a-w- c:\windows\SysWow64\shutdown.exe
2013-07-14 00:12 . 2009-07-13 23:31 391680 ----a-w- c:\windows\SysWow64\shrpubw.exe
2013-07-14 00:12 . 2009-07-13 23:15 35328 ----a-w- c:\windows\SysWow64\sfc.exe
2013-07-14 00:12 . 2009-07-13 23:15 46080 ----a-w- c:\windows\SysWow64\setx.exe
2013-07-14 00:12 . 2010-11-21 03:24 113152 ----a-w- c:\windows\SysWow64\setupugc.exe
2013-07-14 00:12 . 2013-03-19 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-14 00:12 . 2010-11-21 03:24 270336 ----a-w- c:\windows\SysWow64\sethc.exe
2013-07-14 00:12 . 2009-07-13 23:22 14848 ----a-w- c:\windows\SysWow64\secinit.exe
2013-07-14 00:12 . 2012-03-10 02:20 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2013-07-14 00:12 . 2009-07-13 23:33 35328 ----a-w- c:\windows\SysWow64\SecEdit.exe
2013-07-14 00:12 . 2012-03-10 02:20 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2013-07-14 00:12 . 2012-03-10 02:20 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2013-07-14 00:12 . 2009-07-13 23:20 40960 ----a-w- c:\windows\SysWow64\sdchange.exe
2013-07-14 00:12 . 2009-07-13 23:19 21504 ----a-w- c:\windows\SysWow64\sdiagnhost.exe
2013-07-14 00:12 . 2009-07-13 23:56 11264 ----a-w- c:\windows\system32\scrnsave.scr
2013-07-14 00:12 . 2009-07-13 23:12 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2013-07-14 00:12 . 2010-11-21 03:23 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2013-07-14 00:12 . 2009-07-13 23:41 10240 ----a-w- c:\windows\SysWow64\scrnsave.scr
2013-07-14 00:12 . 2009-07-13 23:40 12288 ----a-w- c:\windows\SysWow64\sbunattend.exe
2013-07-14 00:12 . 2009-07-13 23:31 45056 ----a-w- c:\windows\system32\sc.exe
2013-07-14 00:12 . 2009-07-13 23:19 37376 ----a-w- c:\windows\SysWow64\sc.exe
2013-07-14 00:12 . 2010-11-21 03:23 50688 ----a-w- c:\windows\SysWow64\runonce.exe
2013-07-14 00:12 . 2009-07-13 23:41 44544 ----a-w- c:\windows\SysWow64\rundll32.exe
2013-07-14 00:12 . 2009-07-13 23:41 57856 ----a-w- c:\windows\SysWow64\RunLegacyCPLElevated.exe
2013-07-14 00:12 . 2009-07-13 23:15 17408 ----a-w- c:\windows\SysWow64\runas.exe
2013-07-14 00:12 . 2009-07-14 00:04 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2013-07-14 00:12 . 2009-07-13 23:55 17920 ----a-w- c:\windows\SysWow64\ROUTE.EXE
2013-07-14 00:12 . 2009-07-13 23:43 34816 ----a-w- c:\windows\SysWow64\RpcPing.exe
2013-07-14 00:12 . 2010-11-21 03:24 98816 ----a-w- c:\windows\SysWow64\Robocopy.exe
2013-07-14 00:11 . 2010-11-21 03:24 278016 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-07-14 00:11 . 2009-07-13 23:22 14848 ----a-w- c:\windows\SysWow64\RmClient.exe
2013-07-14 00:11 . 2010-11-21 03:24 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
2013-07-14 00:11 . 2010-11-21 03:24 322048 ----a-w- c:\windows\SysWow64\RMActivate.exe
2013-07-14 00:11 . 2010-11-21 03:24 327168 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
2013-07-14 00:11 . 2010-11-21 03:25 220672 ----a-w- c:\windows\SysWow64\Ribbons.scr
2013-07-14 00:11 . 2010-11-21 03:24 241664 ----a-w- c:\windows\system32\Ribbons.scr
2013-07-14 00:11 . 2009-07-13 23:19 103424 ----a-w- c:\windows\SysWow64\resmon.exe
2013-07-14 00:11 . 2010-11-21 03:24 37888 ----a-w- c:\windows\SysWow64\relog.exe
2013-07-14 00:11 . 2009-07-13 23:15 16896 ----a-w- c:\windows\SysWow64\replace.exe
2013-07-14 00:11 . 2009-07-13 23:58 14848 ----a-w- c:\windows\SysWow64\regsvr32.exe
2013-07-14 00:11 . 2009-07-13 23:50 69120 ----a-w- c:\windows\system32\rekeywiz.exe
2013-07-14 00:11 . 2009-07-13 23:58 44032 ----a-w- c:\windows\SysWow64\regini.exe
2013-07-14 00:11 . 2009-07-13 23:26 74752 ----a-w- c:\windows\system32\reg.exe
2013-07-14 00:11 . 2009-07-13 23:15 9216 ----a-w- c:\windows\SysWow64\regedt32.exe
2013-07-14 00:11 . 2009-07-13 23:15 62464 ----a-w- c:\windows\SysWow64\reg.exe
2013-07-14 00:11 . 2009-07-13 23:15 11776 ----a-w- c:\windows\SysWow64\recover.exe
2013-07-14 00:11 . 2010-11-21 03:24 22016 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2013-07-14 00:11 . 2009-07-13 23:20 36352 ----a-w- c:\windows\SysWow64\rdrleakdiag.exe
2013-07-14 00:11 . 2009-07-13 23:54 50176 ----a-w- c:\windows\SysWow64\rasphone.exe
2013-07-14 00:11 . 2009-07-13 23:20 101888 ----a-w- c:\windows\SysWow64\raserver.exe
2013-07-14 00:11 . 2009-07-13 23:54 73216 ----a-w- c:\windows\SysWow64\rasdial.exe
2013-07-14 00:11 . 2009-07-13 23:54 16896 ----a-w- c:\windows\SysWow64\rasautou.exe
2013-07-14 00:11 . 2010-11-21 03:24 51200 ----a-w- c:\windows\SysWow64\PushPrinterConnections.exe
2013-07-14 00:10 . 2009-07-13 23:33 732672 ----a-w- c:\windows\system32\psr.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2013-07-13 . EBC8DA81C3E3C09359D827FC08FF1EE8 . 755200 . . [10.00.9200.16521] .. c:\windows\erdnt\cache86\iexplore.exe
[-] 2013-07-12 . 100907FD813A016A74636EB65578DA8C . 755200 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[7] 2013-06-12 . 2A5F565327BFD679EC5F790DC15BBF25 . 770648 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[7] 2013-05-17 . 07DFD28E57879554D054464EE4A5662D . 770648 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
[7] 2013-05-17 . 3902E280F6117A468D5573343A7AA1F6 . 770648 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
[7] 2013-04-05 . AAD90795E84E710543C6C7C2F7048E30 . 770608 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
[7] 2013-04-05 . 2DC6BD1047553611DAEF97C751131A5D . 770624 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_0a122b746c443b42\iexplore.exe
[7] 2013-03-19 . 2859EBC065D2E1CCC94161CE28BAC085 . 770560 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_20e4a040529a2792\iexplore.exe
[7] 2013-02-24 . A11C5E3E288256C540B7ED8BE3A04B01 . 770624 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_0a0de5f46c4822c9\iexplore.exe
[7] 2013-02-21 . E4F6125ED5185F8FA37CC4F449B85526 . 770608 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe
[7] 2013-02-02 . DDE5A0DFAF7C6370FB36402D7A746ED3 . 757296 . . [9.00.8112.16470] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[7] 2013-02-02 . A285E1965C115031DA02B777EE9D7689 . 757280 . . [9.00.8112.20580] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[7] 2013-01-08 . 698EB1E5F8C66344D97C00B5699E871D . 757280 . . [9.00.8112.16464] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[7] 2013-01-08 . F05982E56ABD835AA8DF260EEC873E5B . 757280 . . [9.00.8112.20573] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[7] 2012-11-14 . 0D286C0FE561D1A7EB30E83A0FF305B2 . 757296 . . [9.00.8112.16457] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[7] 2012-11-14 . F691418EE9A6344AEB5C1B0518FBF8AE . 757280 . . [9.00.8112.20565] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[7] 2012-10-08 . 270A1342BD5AF95CA25A586B4C2F1522 . 748704 . . [9.00.8112.16455] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[7] 2012-10-08 . CECB15F834FC2B4B150449717ADE18DD . 748704 . . [9.00.8112.20562] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[7] 2012-08-24 . 62188720CE27B982B4285C03163C9FB3 . 748680 . . [9.00.8112.20557] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[7] 2012-08-24 . 22CC6CDBA678790046693654C3B212E4 . 748680 . . [9.00.8112.16450] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[7] 2012-06-29 . 93569D46D79F9756ED077156496AFE23 . 748664 . . [9.00.8112.16448] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[7] 2012-06-28 . EB4105348272018D096FEB655CD1608C . 748664 . . [9.00.8112.20554] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[7] 2012-06-02 . 34B01BBD8F00B6B9C9248DC4F1E3CD01 . 748664 . . [9.00.8112.16447] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[7] 2012-06-02 . BE967C74B89577B78FB57C061E12B04C . 748664 . . [9.00.8112.20553] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[7] 2012-05-17 . 0129BB16161C2FD9A6B19111AB047198 . 748664 . . [9.00.8112.16446] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[7] 2012-05-17 . 268982F1FD671A077C6A2AF41E351436 . 748664 . . [9.00.8112.20551] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
[7] 2012-03-10 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[7] 2010-11-21 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-07-11 31232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2013-07-12 233472]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-05-31 2845720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-07-12 53248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2013-07-13 242176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe;c:\windows\SYSNATIVE\DKabcoms.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 20:18]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 20:18]
.
2013-07-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2728ee49-cf6a-401d-b18e-3abdd102c16b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-07-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a541f495-27d5-4f8e-9581-369d67f974df.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.200.176.49 10.200.176.47 24.93.41.125 24.93.41.126
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://10.200.176.251/webrec.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-16869525.sys
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2277288043-3767098876-1018027061-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2277288043-3767098876-1018027061-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:42,7b,32,96,4b,56,ce,01
.
[HKEY_USERS\S-1-5-21-2277288043-3767098876-1018027061-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe
c:\users\dtran.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-07-24  09:32:02 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-24 14:32
ComboFix2.txt  2013-05-21 17:30
ComboFix3.txt  2012-12-12 19:58
.
Pre-Run: 150,988,988,416 bytes free
Post-Run: 150,226,935,808 bytes free
.
- - End Of File - - ECF4AFCC64AE5351705DDBF7B3D72F4E
5C616939100B85E558DA92B899A0FC36

Edited by hamluis, 24 July 2013 - 07:07 PM.
Pasted log content from Win 7 topic, moved from Am I Infected to Malware Removal Logs - Hamluis.


#2 SALADART

SALADART
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Local time:02:55 AM

Posted 24 July 2013 - 07:28 PM

I ran DDS and here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.3.1
Run by Administrator at 19:13:44 on 2013-07-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3993.2199 [GMT -5:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\DKabcoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\vds.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\npchrome_frame.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://10.200.176.251/webrec.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: NameServer = 10.200.176.49 10.200.176.47 24.93.41.125 24.93.41.126
TCP: Interfaces\{D53CD2BD-2BE7-44A2-BC54-28A2D10A1D3A} : DHCPNameServer = 10.200.176.49 10.200.176.47 24.93.41.125 24.93.41.126
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\npchrome_frame.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-9 317440]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
.
=============== Created Last 30 ================
.
2013-07-24 23:53:42 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E588F80-DD7A-4E32-B38C-747AB3D44017}\offreg.dll
2013-07-24 23:52:49 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E588F80-DD7A-4E32-B38C-747AB3D44017}\mpengine.dll
2013-07-24 22:42:34 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-24 20:31:37 -------- d-----w- C:\$RECYCLE.BIN
2013-07-24 14:33:00 -------- d-----w- C:\Users\administrator.MJECH\AppData\Local\Apple
2013-07-24 13:34:51 -------- d-----w- C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet
2013-07-24 03:38:40 -------- d-----w- C:\Users\administrator.MJECH\AppData\Roaming\SUPERAntiSpyware.com
2013-07-24 03:38:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-07-24 03:38:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-07-24 03:28:08 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-24 01:06:40 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0F65358-9E2F-4271-8BAE-A54AF58CCF76}\gapaengine.dll
2013-07-24 01:04:02 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-07-24 01:03:57 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-07-24 00:57:41 -------- d-----w- C:\Users\administrator.MJECH\AppData\Local\Google
2013-07-24 00:55:32 -------- d-----w- C:\Windows\System32\appmgmt
2013-07-24 00:42:11 -------- d-----w- C:\Users\administrator.MJECH\AppData\Roaming\Roxio Burn
2013-07-16 08:04:53 -------- d-----w- C:\Windows\System32\MRT
2013-07-10 01:09:24 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 01:08:58 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 01:08:58 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-07-14 00:16:50 227328 ----a-w- C:\Windows\SysWow64\taskmgr.exe
2013-07-14 00:13:33 19968 ----a-w- C:\Windows\SysWow64\sort.exe
2013-07-14 00:13:32 314368 ----a-w- C:\Windows\SysWow64\SndVol.exe
2013-07-14 00:11:53 278016 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-07-14 00:10:49 732672 ----a-w- C:\Windows\System32\psr.exe
2013-07-14 00:09:47 32768 ----a-w- C:\Windows\SysWow64\odbcconf.exe
2013-07-14 00:09:46 86016 ----a-w- C:\Windows\SysWow64\odbcad32.exe
2013-07-14 00:09:46 197632 ----a-w- C:\Windows\SysWow64\ocsetup.exe
2013-07-14 00:09:45 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2013-07-14 00:09:44 98304 ----a-w- C:\Windows\SysWow64\nslookup.exe
2013-07-14 00:09:43 179712 ----a-w- C:\Windows\SysWow64\notepad.exe
2013-07-14 00:09:32 76800 ----a-w- C:\Windows\SysWow64\newdev.exe
2013-07-14 00:09:01 27136 ----a-w- C:\Windows\SysWow64\NETSTAT.EXE
2013-07-14 00:09:00 96256 ----a-w- C:\Windows\SysWow64\netsh.exe
2013-07-14 00:09:00 26112 ----a-w- C:\Windows\SysWow64\Netplwiz.exe
2013-07-14 00:07:59 12800 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-07-14 00:07:37 983040 ----a-w- C:\Windows\SysWow64\msdt.exe
2013-07-14 00:07:37 11264 ----a-w- C:\Windows\SysWow64\MRINFO.EXE
2013-07-14 00:07:36 13312 ----a-w- C:\Windows\SysWow64\mountvol.exe
2013-07-14 00:07:36 101376 ----a-w- C:\Windows\SysWow64\mobsync.exe
2013-07-14 00:07:35 1401344 ----a-w- C:\Windows\SysWow64\mmc.exe
2013-07-13 23:57:13 84480 ----a-w- C:\Windows\SysWow64\MigAutoPlay.exe
2013-07-13 23:57:13 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2013-07-13 23:57:12 220672 ----a-w- C:\Windows\SysWow64\mcbuilder.exe
2013-07-13 23:57:01 98816 ----a-w- C:\Windows\SysWow64\makecab.exe
2013-07-13 23:57:01 629760 ----a-w- C:\Windows\SysWow64\Magnify.exe
2013-07-13 23:56:18 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2013-07-13 23:54:14 95232 ----a-w- C:\Windows\SysWow64\logagent.exe
2013-07-13 23:54:13 89600 ----a-w- C:\Windows\SysWow64\LocationNotifications.exe
2013-07-13 23:54:13 42496 ----a-w- C:\Windows\SysWow64\lodctr.exe
2013-07-13 23:54:12 14848 ----a-w- C:\Windows\SysWow64\ktmutil.exe
2013-07-13 23:54:12 14336 ----a-w- C:\Windows\SysWow64\label.exe
2013-07-13 23:53:39 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
2013-07-13 23:53:38 144896 ----a-w- C:\Windows\SysWow64\iscsicli.exe
2013-07-13 23:53:38 120320 ----a-w- C:\Windows\SysWow64\iscsicpl.exe
2013-07-13 23:53:37 27136 ----a-w- C:\Windows\SysWow64\ipconfig.exe
2013-07-13 23:48:04 9216 ----a-w- C:\Windows\SysWow64\InfDefaultInstall.exe
2013-07-13 23:45:43 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-07-13 23:45:42 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-13 23:45:31 612864 ----a-w- C:\Windows\SysWow64\icardagt.exe
2013-07-13 23:45:31 14336 ----a-w- C:\Windows\SysWow64\icsunattend.exe
2013-07-13 23:45:30 27136 ----a-w- C:\Windows\SysWow64\icacls.exe
2013-07-13 23:45:09 8704 ----a-w- C:\Windows\SysWow64\HOSTNAME.EXE
2013-07-13 23:45:08 8704 ----a-w- C:\Windows\SysWow64\help.exe
2013-07-13 23:43:58 19968 ----a-w- C:\Windows\SysWow64\fc.exe
2013-07-13 23:43:57 53248 ----a-w- C:\Windows\SysWow64\extrac32.exe
2013-07-13 23:43:56 53248 ----a-w- C:\Windows\SysWow64\expand.exe
2013-07-13 23:43:55 79872 ----a-w- C:\Windows\SysWow64\eventvwr.exe
2013-07-13 23:43:55 35328 ----a-w- C:\Windows\SysWow64\eventcreate.exe
2013-07-13 23:43:54 288256 ----a-w- C:\Windows\SysWow64\eudcedit.exe
2013-07-13 23:43:43 123392 ----a-w- C:\Windows\SysWow64\esentutl.exe
2013-07-13 23:33:03 130560 ----a-w- C:\Windows\SysWow64\EhStorAuthn.exe
2013-07-13 23:33:03 12288 ----a-w- C:\Windows\SysWow64\efsui.exe
2013-07-13 23:33:02 264704 ----a-w- C:\Windows\SysWow64\dxdiag.exe
2013-07-13 23:33:02 130048 ----a-w- C:\Windows\SysWow64\DWWIN.EXE
2013-07-13 23:33:01 9728 ----a-w- C:\Windows\SysWow64\dvdplay.exe
2013-07-13 23:33:01 21504 ----a-w- C:\Windows\SysWow64\dvdupgrd.exe
2013-07-13 23:33:00 102912 ----a-w- C:\Windows\System32\drvinst.exe
2013-07-13 21:26:03 66048 ----a-w- C:\Windows\SysWow64\driverquery.exe
2013-07-13 21:26:02 33280 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2013-07-13 21:26:01 76800 ----a-w- C:\Windows\SysWow64\DpiScaling.exe
2013-07-13 21:26:01 72192 ----a-w- C:\Windows\SysWow64\dpapimig.exe
2013-07-13 21:26:00 15872 ----a-w- C:\Windows\SysWow64\doskey.exe
2013-07-13 21:24:55 28160 ----a-w- C:\Windows\SysWow64\credwiz.exe
2013-07-13 21:24:55 17408 ----a-w- C:\Windows\SysWow64\convert.exe
2013-07-13 19:32:08 776192 ----a-w- C:\Windows\SysWow64\calc.exe
2013-07-13 19:32:07 899584 ----a-w- C:\Windows\System32\Bubbles.scr
2013-07-13 19:32:07 25600 ----a-w- C:\Windows\SysWow64\cacls.exe
2013-07-13 19:32:06 878592 ----a-w- C:\Windows\SysWow64\Bubbles.scr
2013-07-13 19:32:05 81408 ----a-w- C:\Windows\SysWow64\bootcfg.exe
2013-07-13 19:32:05 35328 ----a-w- C:\Windows\SysWow64\bthudtask.exe
2013-07-13 19:32:04 186368 ----a-w- C:\Windows\SysWow64\bitsadmin.exe
2013-07-13 19:31:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2013-07-13 19:31:51 29184 ----a-w- C:\Windows\SysWow64\AtBroker.exe
2013-07-13 19:31:51 16384 ----a-w- C:\Windows\SysWow64\attrib.exe
2013-07-13 19:31:50 24064 ----a-w- C:\Windows\SysWow64\at.exe
2013-07-13 19:31:50 20992 ----a-w- C:\Windows\SysWow64\ARP.EXE
2013-07-13 19:31:28 38912 ----a-w- C:\Windows\SysWow64\AdapterTroubleshooter.exe
2013-07-13 07:08:52 113152 ----a-w- C:\Windows\SysWow64\control.exe
2013-07-11 20:18:45 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2013-06-12 03:26:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 19:16:56.34 ===============
 



#3 SALADART
  • Topic Starter
  • Members
  • 6 posts

Posted 24 July 2013 - 07:36 PM

Here is the latest COMBOFIX log:

 

ComboFix 13-07-24.03 - Administrator 07/24/2013  15:01:31.7.4 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3993.2920 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
c:\windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe . . . is infected!!
.
c:\windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe . . . is infected!!
.
c:\windows\System32\AdapterTroubleshooter.exe . . . is infected!!
.
c:\windows\System32\ARP.EXE . . . is infected!!
.
c:\windows\System32\at.exe . . . is infected!!
.
c:\windows\System32\AtBroker.exe . . . is infected!!
.
c:\windows\System32\attrib.exe . . . is infected!!
.
c:\windows\System32\auditpol.exe . . . is infected!!
.
c:\windows\System32\bitsadmin.exe . . . is infected!!
.
Infected copy of c:\windows\System32\bootcfg.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_680b6eb133f91b1b\bootcfg.exe
.
c:\windows\System32\bthudtask.exe . . . is infected!!
.
c:\windows\System32\cacls.exe . . . is infected!!
.
c:\windows\System32\calc.exe . . . is infected!!
.
c:\windows\System32\CertEnrollCtrl.exe . . . is infected!!
.
c:\windows\System32\certreq.exe . . . is infected!!
.
Infected copy of c:\windows\System32\certutil.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7601.22322_none_1427bd2d6323c846\certutil.exe
.
c:\windows\System32\charmap.exe . . . is infected!!
.
Infected copy of c:\windows\System32\chkdsk.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-chkdsk_31bf3856ad364e35_6.1.7600.16385_none_1ddb4b87a6618437\chkdsk.exe
.
c:\windows\System32\chkntfs.exe . . . is infected!!
.
c:\windows\System32\choice.exe . . . is infected!!
.
c:\windows\System32\cipher.exe . . . is infected!!
.
c:\windows\System32\cleanmgr.exe . . . is infected!!
.
c:\windows\System32\cliconfg.exe . . . is infected!!
.
c:\windows\System32\clip.exe . . . is infected!!
.
c:\windows\System32\cmd.exe . . . is infected!!
.
c:\windows\System32\cmdkey.exe . . . is infected!!
.
c:\windows\System32\cmdl32.exe . . . is infected!!
.
c:\windows\System32\cmmon32.exe . . . is infected!!
.
c:\windows\System32\cmstp.exe . . . is infected!!
.
c:\windows\System32\colorcpl.exe . . . is infected!!
.
c:\windows\System32\comp.exe . . . is infected!!
.
c:\windows\System32\compact.exe . . . is infected!!
.
c:\windows\System32\ComputerDefaults.exe . . . is infected!!
.
c:\windows\System32\control.exe . . . is infected!!
.
Infected copy of c:\windows\System32\convert.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\convert.exe
.
c:\windows\System32\credwiz.exe . . . is infected!!
.
c:\windows\System32\cscript.exe . . . is infected!!
.
Infected copy of c:\windows\System32\ctfmon.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\ctfmon.exe
.
Infected copy of c:\windows\System32\cttune.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-cttune_31bf3856ad364e35_6.1.7600.16385_none_0f797e18d8361ef2\cttune.exe
.
c:\windows\System32\cttunesvr.exe . . . is infected!!
.
c:\windows\System32\dccw.exe . . . is infected!!
.
c:\windows\System32\dcomcnfg.exe . . . is infected!!
.
c:\windows\System32\ddodiag.exe . . . is infected!!
.
c:\windows\System32\DevicePairingWizard.exe . . . is infected!!
.
c:\windows\System32\DeviceProperties.exe . . . is infected!!
.
c:\windows\System32\dfrgui.exe . . . is infected!!
.
c:\windows\System32\dialer.exe . . . is infected!!
.
c:\windows\System32\diantz.exe . . . is infected!!
.
c:\windows\System32\diskpart.exe . . . is infected!!
.
c:\windows\System32\diskperf.exe . . . is infected!!
.
c:\windows\System32\diskraid.exe . . . is infected!!
.
c:\windows\System32\Dism.exe . . . is infected!!
.
c:\windows\System32\DisplaySwitch.exe . . . is infected!!
.
c:\windows\System32\dllhost.exe . . . is infected!!
.
c:\windows\System32\dllhst3g.exe . . . is infected!!
.
Infected copy of c:\windows\System32\dnscacheugc.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnscacheugc.exe
.
c:\windows\System32\doskey.exe . . . is infected!!
.
c:\windows\System32\dpapimig.exe . . . is infected!!
.
c:\windows\System32\DpiScaling.exe . . . is infected!!
.
c:\windows\System32\dpnsvr.exe . . . is infected!!
.
c:\windows\System32\driverquery.exe . . . is infected!!
.
c:\windows\System32\dvdplay.exe . . . is infected!!
.
c:\windows\System32\dvdupgrd.exe . . . is infected!!
.
c:\windows\System32\DWWIN.EXE . . . is infected!!
.
c:\windows\System32\dxdiag.exe . . . is infected!!
.
c:\windows\System32\efsui.exe . . . is infected!!
.
c:\windows\System32\EhStorAuthn.exe . . . is infected!!
.
c:\windows\System32\esentutl.exe . . . is infected!!
.
c:\windows\System32\eudcedit.exe . . . is infected!!
.
c:\windows\System32\eventcreate.exe . . . is infected!!
.
c:\windows\System32\eventvwr.exe . . . is infected!!
.
c:\windows\System32\expand.exe . . . is infected!!
.
c:\windows\System32\extrac32.exe . . . is infected!!
.
c:\windows\System32\fc.exe . . . is infected!!
.
c:\windows\System32\find.exe . . . is infected!!
.
c:\windows\System32\findstr.exe . . . is infected!!
.
c:\windows\System32\finger.exe . . . is infected!!
.
c:\windows\System32\fixmapi.exe . . . is infected!!
.
c:\windows\System32\fltMC.exe . . . is infected!!
.
c:\windows\System32\fontview.exe . . . is infected!!
.
c:\windows\System32\forfiles.exe . . . is infected!!
.
Infected copy of c:\windows\System32\fsutil.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7601.21680_none_2ac406171fe62477\fsutil.exe
.
c:\windows\System32\ftp.exe . . . is infected!!
.
c:\windows\System32\getmac.exe . . . is infected!!
.
c:\windows\System32\gpscript.exe . . . is infected!!
.
c:\windows\System32\gpupdate.exe . . . is infected!!
.
c:\windows\System32\grpconv.exe . . . is infected!!
.
c:\windows\System32\hdwwiz.exe . . . is infected!!
.
c:\windows\System32\help.exe . . . is infected!!
.
c:\windows\System32\HOSTNAME.EXE . . . is infected!!
.
c:\windows\System32\icacls.exe . . . is infected!!
.
c:\windows\System32\icardagt.exe . . . is infected!!
.
c:\windows\System32\icsunattend.exe . . . is infected!!
.
Infected copy of c:\windows\System32\ieUnatt.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.20580_none_a447fb4405f1718d\ieUnatt.exe
.
Infected copy of c:\windows\System32\iexpress.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_9.4.8112.16421_none_d91a1b231155b48b\iexpress.exe
.
c:\windows\System32\InfDefaultInstall.exe . . . is infected!!
.
c:\windows\System32\ipconfig.exe . . . is infected!!
.
c:\windows\System32\iscsicli.exe . . . is infected!!
.
c:\windows\System32\iscsicpl.exe . . . is infected!!
.
c:\windows\System32\isoburn.exe . . . is infected!!
.
c:\windows\System32\ktmutil.exe . . . is infected!!
.
c:\windows\System32\label.exe . . . is infected!!
.
c:\windows\System32\LocationNotifications.exe . . . is infected!!
.
c:\windows\System32\lodctr.exe . . . is infected!!
.
c:\windows\System32\logagent.exe . . . is infected!!
.
c:\windows\System32\logman.exe . . . is infected!!
.
c:\windows\System32\Magnify.exe . . . is infected!!
.
c:\windows\System32\makecab.exe . . . is infected!!
.
c:\windows\System32\mcbuilder.exe . . . is infected!!
.
c:\windows\System32\mfpmp.exe . . . is infected!!
.
c:\windows\System32\MigAutoPlay.exe . . . is infected!!
.
c:\windows\System32\mmc.exe . . . is infected!!
.
c:\windows\System32\mobsync.exe . . . is infected!!
.
c:\windows\System32\mountvol.exe . . . is infected!!
.
c:\windows\System32\MRINFO.EXE . . . is infected!!
.
c:\windows\System32\msdt.exe . . . is infected!!
.
Infected copy of c:\windows\System32\msfeedssync.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_9.4.8112.16421_none_70ec2d4bad65c670\msfeedssync.exe
.
Infected copy of c:\windows\System32\mshta.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_9.4.8112.16421_none_cdf82d82dc01518b\mshta.exe
.
c:\windows\System32\msiexec.exe . . . is infected!!
.
Infected copy of c:\windows\System32\msinfo32.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c46104dd379\msinfo32.exe
.
c:\windows\System32\msra.exe . . . is infected!!
.
Infected copy of c:\windows\System32\mstsc.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22252_none_ac5e912b50f71c24\mstsc.exe
.
c:\windows\System32\mtstocom.exe . . . is infected!!
.
c:\windows\System32\MuiUnattend.exe . . . is infected!!
.
c:\windows\System32\NAPSTAT.EXE . . . is infected!!
.
c:\windows\System32\ndadmin.exe . . . is infected!!
.
c:\windows\System32\net.exe . . . is infected!!
.
c:\windows\System32\net1.exe . . . is infected!!
.
c:\windows\System32\netbtugc.exe . . . is infected!!
.
c:\windows\System32\netiougc.exe . . . is infected!!
.
c:\windows\System32\Netplwiz.exe . . . is infected!!
.
c:\windows\System32\netsh.exe . . . is infected!!
.
c:\windows\System32\NETSTAT.EXE . . . is infected!!
.
c:\windows\System32\newdev.exe . . . is infected!!
.
Infected copy of c:\windows\System32\notepad.exe was found and disinfected
Restored copy from - c:\windows\notepad.exe
.
c:\windows\System32\nslookup.exe . . . is infected!!
.
Infected copy of c:\windows\System32\ntprint.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_4e297fab940bc0e5\ntprint.exe
.
c:\windows\System32\ocsetup.exe . . . is infected!!
.
c:\windows\System32\odbcad32.exe . . . is infected!!
.
c:\windows\System32\odbcconf.exe . . . is infected!!
.
Infected copy of c:\windows\System32\openfiles.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa\openfiles.exe
.
c:\windows\System32\OptionalFeatures.exe . . . is infected!!
.
c:\windows\System32\osk.exe . . . is infected!!
.
c:\windows\System32\PATHPING.EXE . . . is infected!!
.
c:\windows\System32\pcaui.exe . . . is infected!!
.
Infected copy of c:\windows\System32\perfmon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe
.
c:\windows\System32\PING.EXE . . . is infected!!
.
Infected copy of c:\windows\System32\PkgMgr.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe
.
c:\windows\System32\powercfg.exe . . . is infected!!
.
Infected copy of c:\windows\System32\PresentationHost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_wpf-presentationhostexe_31bf3856ad364e35_6.2.7600.16513_none_9461a4e8d863420a\PresentationHost.exe
.
Infected copy of c:\windows\System32\prevhost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.21663_none_a1b5f77730c54248\prevhost.exe
.
c:\windows\System32\print.exe . . . is infected!!
.
c:\windows\System32\printui.exe . . . is infected!!
.
c:\windows\System32\proquota.exe . . . is infected!!
.
c:\windows\System32\PushPrinterConnections.exe . . . is infected!!
.
c:\windows\System32\rasautou.exe . . . is infected!!
.
c:\windows\System32\rasdial.exe . . . is infected!!
.
c:\windows\System32\raserver.exe . . . is infected!!
.
c:\windows\System32\rasphone.exe . . . is infected!!
.
c:\windows\System32\rdrleakdiag.exe . . . is infected!!
.
c:\windows\System32\ReAgentc.exe . . . is infected!!
.
c:\windows\System32\recover.exe . . . is infected!!
.
c:\windows\System32\reg.exe . . . is infected!!
.
c:\windows\System32\regedt32.exe . . . is infected!!
.
c:\windows\System32\regini.exe . . . is infected!!
.
Infected copy of c:\windows\System32\RegisterIEPKEYs.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_10.2.9200.20742_none_8ee11309adf8dc48\RegisterIEPKEYs.exe
.
c:\windows\System32\regsvr32.exe . . . is infected!!
.
c:\windows\System32\relog.exe . . . is infected!!
.
c:\windows\System32\replace.exe . . . is infected!!
.
c:\windows\System32\resmon.exe . . . is infected!!
.
c:\windows\System32\RMActivate.exe . . . is infected!!
.
c:\windows\System32\RMActivate_isv.exe . . . is infected!!
.
c:\windows\System32\RMActivate_ssp.exe . . . is infected!!
.
c:\windows\System32\RMActivate_ssp_isv.exe . . . is infected!!
.
c:\windows\System32\RmClient.exe . . . is infected!!
.
c:\windows\System32\Robocopy.exe . . . is infected!!
.
c:\windows\System32\ROUTE.EXE . . . is infected!!
.
c:\windows\System32\RpcPing.exe . . . is infected!!
.
c:\windows\System32\rrinstaller.exe . . . is infected!!
.
c:\windows\System32\runas.exe . . . is infected!!
.
c:\windows\System32\rundll32.exe . . . is infected!!
.
c:\windows\System32\RunLegacyCPLElevated.exe . . . is infected!!
.
c:\windows\System32\runonce.exe . . . is infected!!
.
c:\windows\System32\sbunattend.exe . . . is infected!!
.
c:\windows\System32\sc.exe . . . is infected!!
.
c:\windows\System32\schtasks.exe . . . is infected!!
.
c:\windows\System32\sdbinst.exe . . . is infected!!
.
c:\windows\System32\sdchange.exe . . . is infected!!
.
c:\windows\System32\sdiagnhost.exe . . . is infected!!
.
Infected copy of c:\windows\System32\SearchFilterHost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchFilterHost.exe
.
Infected copy of c:\windows\System32\SearchIndexer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchIndexer.exe
.
Infected copy of c:\windows\System32\SearchProtocolHost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.21720_none_d1faf5c44b3e4dfd\SearchProtocolHost.exe
.
c:\windows\System32\SecEdit.exe . . . is infected!!
.
c:\windows\System32\secinit.exe . . . is infected!!
.
Infected copy of c:\windows\System32\sethc.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-sethc_31bf3856ad364e35_6.1.7601.17514_none_c0e644688bbad892\sethc.exe
.
Infected copy of c:\windows\System32\SetIEInstalledDate.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_9.4.8112.16421_none_7d153fec93ad1dcf\SetIEInstalledDate.exe
.
c:\windows\System32\setupugc.exe . . . is infected!!
.
Infected copy of c:\windows\System32\setx.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-setx_31bf3856ad364e35_6.1.7600.16385_none_086bc77632c16995\setx.exe
.
c:\windows\System32\sfc.exe . . . is infected!!
.
c:\windows\System32\shrpubw.exe . . . is infected!!
.
c:\windows\System32\shutdown.exe . . . is infected!!
.
c:\windows\System32\SndVol.exe . . . is infected!!
.
c:\windows\System32\sort.exe . . . is infected!!
.
c:\windows\System32\subst.exe . . . is infected!!
.
c:\windows\System32\sxstrace.exe . . . is infected!!
.
c:\windows\System32\SyncHost.exe . . . is infected!!
.
c:\windows\System32\syskey.exe . . . is infected!!
.
Infected copy of c:\windows\System32\systeminfo.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-sysinfo_31bf3856ad364e35_6.1.7600.16385_none_4b49a2c2123fd42c\systeminfo.exe
.
c:\windows\System32\SystemPropertiesAdvanced.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesComputerName.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesDataExecutionPrevention.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesHardware.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesPerformance.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesProtection.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesRemote.exe . . . is infected!!
.
c:\windows\System32\systray.exe . . . is infected!!
.
c:\windows\System32\takeown.exe . . . is infected!!
.
c:\windows\System32\TapiUnattend.exe . . . is infected!!
.
c:\windows\System32\taskeng.exe . . . is infected!!
.
c:\windows\System32\taskmgr.exe . . . is infected!!
.
c:\windows\System32\tcmsetup.exe . . . is infected!!
.
c:\windows\System32\TCPSVCS.EXE . . . is infected!!
.
c:\windows\System32\timeout.exe . . . is infected!!
.
c:\windows\System32\TpmInit.exe . . . is infected!!
.
Infected copy of c:\windows\System32\tracerpt.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\tracerpt.exe
.
c:\windows\System32\TRACERT.EXE . . . is infected!!
.
c:\windows\System32\TSTheme.exe . . . is infected!!
.
c:\windows\System32\typeperf.exe . . . is infected!!
.
c:\windows\System32\tzutil.exe . . . is infected!!
.
c:\windows\System32\unlodctr.exe . . . is infected!!
.
c:\windows\System32\unregmp2.exe . . . is infected!!
.
c:\windows\System32\upnpcont.exe . . . is infected!!
.
c:\windows\System32\UserAccountControlSettings.exe . . . is infected!!
.
c:\windows\System32\com\comrepl.exe . . . is infected!!
.
c:\windows\System32\com\MigRegDB.exe . . . is infected!!
.
c:\windows\System32\Dism\DismHost.exe . . . is infected!!
.
c:\windows\System32\IME\IMEJP10\IMJPDADM.EXE . . . is infected!!
.
c:\windows\System32\IME\IMEJP10\IMJPDCT.EXE . . . is infected!!
.
c:\windows\System32\IME\IMEJP10\IMJPDSVR.EXE . . . is infected!!
.
c:\windows\System32\IME\IMEJP10\IMJPMGR.EXE . . . is infected!!
.
c:\windows\System32\IME\IMEJP10\imjppdmg.exe . . . is infected!!
.
c:\windows\System32\IME\IMEJP10\IMJPUEX.EXE . . . is infected!!
.
c:\windows\System32\IME\IMEJP10\imjpuexc.exe . . . is infected!!
.
c:\windows\System32\IME\IMESC5\IMSCPROP.exe . . . is infected!!
.
c:\windows\System32\IME\IMETC10\IMTCPROP.exe . . . is infected!!
.
c:\windows\System32\IME\shared\IMCCPHR.exe . . . is infected!!
.
c:\windows\System32\IME\shared\IMEPADSV.EXE . . . is infected!!
.
c:\windows\System32\migwiz\mighost.exe . . . is infected!!
.
c:\windows\System32\migwiz\MigSetup.exe . . . is infected!!
.
c:\windows\System32\migwiz\migwiz.exe . . . is infected!!
.
Infected copy of c:\windows\System32\migwiz\PostMig.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\PostMig.exe
.
c:\windows\SysWOW64\AdapterTroubleshooter.exe . . . is infected!!
.
c:\windows\SysWOW64\ARP.EXE . . . is infected!!
.
c:\windows\SysWOW64\at.exe . . . is infected!!
.
c:\windows\SysWOW64\AtBroker.exe . . . is infected!!
.
c:\windows\SysWOW64\attrib.exe . . . is infected!!
.
c:\windows\SysWOW64\auditpol.exe . . . is infected!!
.
c:\windows\SysWOW64\bitsadmin.exe . . . is infected!!
.
c:\windows\SysWOW64\bthudtask.exe . . . is infected!!
.
c:\windows\SysWOW64\cacls.exe . . . is infected!!
.
c:\windows\SysWOW64\calc.exe . . . is infected!!
.
c:\windows\SysWOW64\CertEnrollCtrl.exe . . . is infected!!
.
c:\windows\SysWOW64\certreq.exe . . . is infected!!
.
c:\windows\SysWOW64\charmap.exe . . . is infected!!
.
c:\windows\SysWOW64\chkntfs.exe . . . is infected!!
.
c:\windows\SysWOW64\choice.exe . . . is infected!!
.
c:\windows\SysWOW64\cipher.exe . . . is infected!!
.
c:\windows\SysWOW64\cleanmgr.exe . . . is infected!!
.
c:\windows\SysWOW64\cliconfg.exe . . . is infected!!
.
c:\windows\SysWOW64\clip.exe . . . is infected!!
.
c:\windows\SysWOW64\cmd.exe . . . is infected!!
.
c:\windows\SysWOW64\cmdkey.exe . . . is infected!!
.
c:\windows\SysWOW64\cmdl32.exe . . . is infected!!
.
c:\windows\SysWOW64\cmmon32.exe . . . is infected!!
.
c:\windows\SysWOW64\cmstp.exe . . . is infected!!
.
c:\windows\SysWOW64\colorcpl.exe . . . is infected!!
.
c:\windows\SysWOW64\comp.exe . . . is infected!!
.
c:\windows\SysWOW64\compact.exe . . . is infected!!
.
c:\windows\SysWOW64\ComputerDefaults.exe . . . is infected!!
.
c:\windows\SysWOW64\control.exe . . . is infected!!
.
c:\windows\SysWOW64\credwiz.exe . . . is infected!!
.
c:\windows\SysWOW64\cscript.exe . . . is infected!!
.
c:\windows\SysWOW64\cttunesvr.exe . . . is infected!!
.
c:\windows\SysWOW64\dccw.exe . . . is infected!!
.
c:\windows\SysWOW64\dcomcnfg.exe . . . is infected!!
.
c:\windows\SysWOW64\ddodiag.exe . . . is infected!!
.
c:\windows\SysWOW64\DevicePairingWizard.exe . . . is infected!!
.
c:\windows\SysWOW64\DeviceProperties.exe . . . is infected!!
.
c:\windows\SysWOW64\dfrgui.exe . . . is infected!!
.
c:\windows\SysWOW64\dialer.exe . . . is infected!!
.
c:\windows\SysWOW64\diantz.exe . . . is infected!!
.
c:\windows\SysWOW64\diskpart.exe . . . is infected!!
.
c:\windows\SysWOW64\diskperf.exe . . . is infected!!
.
c:\windows\SysWOW64\diskraid.exe . . . is infected!!
.
c:\windows\SysWOW64\Dism.exe . . . is infected!!
.
c:\windows\SysWOW64\DisplaySwitch.exe . . . is infected!!
.
c:\windows\SysWOW64\dllhost.exe . . . is infected!!
.
c:\windows\SysWOW64\dllhst3g.exe . . . is infected!!
.
c:\windows\SysWOW64\doskey.exe . . . is infected!!
.
c:\windows\SysWOW64\dpapimig.exe . . . is infected!!
.
c:\windows\SysWOW64\DpiScaling.exe . . . is infected!!
.
c:\windows\SysWOW64\dpnsvr.exe . . . is infected!!
.
c:\windows\SysWOW64\driverquery.exe . . . is infected!!
.
c:\windows\SysWOW64\dvdplay.exe . . . is infected!!
.
c:\windows\SysWOW64\dvdupgrd.exe . . . is infected!!
.
c:\windows\SysWOW64\DWWIN.EXE . . . is infected!!
.
c:\windows\SysWOW64\dxdiag.exe . . . is infected!!
.
c:\windows\SysWOW64\efsui.exe . . . is infected!!
.
c:\windows\SysWOW64\EhStorAuthn.exe . . . is infected!!
.
c:\windows\SysWOW64\esentutl.exe . . . is infected!!
.
c:\windows\SysWOW64\eudcedit.exe . . . is infected!!
.
c:\windows\SysWOW64\eventcreate.exe . . . is infected!!
.
c:\windows\SysWOW64\eventvwr.exe . . . is infected!!
.
c:\windows\SysWOW64\expand.exe . . . is infected!!
.
c:\windows\SysWOW64\extrac32.exe . . . is infected!!
.
c:\windows\SysWOW64\fc.exe . . . is infected!!
.
c:\windows\SysWOW64\find.exe . . . is infected!!
.
c:\windows\SysWOW64\findstr.exe . . . is infected!!
.
c:\windows\SysWOW64\finger.exe . . . is infected!!
.
c:\windows\SysWOW64\fixmapi.exe . . . is infected!!
.
c:\windows\SysWOW64\fltMC.exe . . . is infected!!
.
c:\windows\SysWOW64\fontview.exe . . . is infected!!
.
c:\windows\SysWOW64\forfiles.exe . . . is infected!!
.
c:\windows\SysWOW64\ftp.exe . . . is infected!!
.
c:\windows\SysWOW64\getmac.exe . . . is infected!!
.
c:\windows\SysWOW64\gpscript.exe . . . is infected!!
.
c:\windows\SysWOW64\gpupdate.exe . . . is infected!!
.
c:\windows\SysWOW64\grpconv.exe . . . is infected!!
.
c:\windows\SysWOW64\hdwwiz.exe . . . is infected!!
.
c:\windows\SysWOW64\help.exe . . . is infected!!
.
c:\windows\SysWOW64\HOSTNAME.EXE . . . is infected!!
.
c:\windows\SysWOW64\icacls.exe . . . is infected!!
.
c:\windows\SysWOW64\icardagt.exe . . . is infected!!
.
c:\windows\SysWOW64\icsunattend.exe . . . is infected!!
.
c:\windows\SysWOW64\InfDefaultInstall.exe . . . is infected!!
.
c:\windows\SysWOW64\ipconfig.exe . . . is infected!!
.
c:\windows\SysWOW64\iscsicli.exe . . . is infected!!
.
c:\windows\SysWOW64\iscsicpl.exe . . . is infected!!
.
c:\windows\SysWOW64\isoburn.exe . . . is infected!!
.
c:\windows\SysWOW64\ktmutil.exe . . . is infected!!
.
c:\windows\SysWOW64\label.exe . . . is infected!!
.
c:\windows\SysWOW64\LocationNotifications.exe . . . is infected!!
.
c:\windows\SysWOW64\lodctr.exe . . . is infected!!
.
c:\windows\SysWOW64\logagent.exe . . . is infected!!
.
c:\windows\SysWOW64\logman.exe . . . is infected!!
.
c:\windows\SysWOW64\Magnify.exe . . . is infected!!
.
c:\windows\SysWOW64\makecab.exe . . . is infected!!
.
c:\windows\SysWOW64\mcbuilder.exe . . . is infected!!
.
c:\windows\SysWOW64\mfpmp.exe . . . is infected!!
.
c:\windows\SysWOW64\MigAutoPlay.exe . . . is infected!!
.
c:\windows\SysWOW64\mmc.exe . . . is infected!!
.
c:\windows\SysWOW64\mobsync.exe . . . is infected!!
.
c:\windows\SysWOW64\mountvol.exe . . . is infected!!
.
c:\windows\SysWOW64\MRINFO.EXE . . . is infected!!
.
c:\windows\SysWOW64\msdt.exe . . . is infected!!
.
c:\windows\SysWOW64\msiexec.exe . . . is infected!!
.
c:\windows\SysWOW64\msra.exe . . . is infected!!
.
c:\windows\SysWOW64\mtstocom.exe . . . is infected!!
.
c:\windows\SysWOW64\MuiUnattend.exe . . . is infected!!
.
c:\windows\SysWOW64\NAPSTAT.EXE . . . is infected!!
.
c:\windows\SysWOW64\ndadmin.exe . . . is infected!!
.
c:\windows\SysWOW64\net.exe . . . is infected!!
.
c:\windows\SysWOW64\net1.exe . . . is infected!!
.
c:\windows\SysWOW64\netbtugc.exe . . . is infected!!
.
c:\windows\SysWOW64\netiougc.exe . . . is infected!!
.
c:\windows\SysWOW64\Netplwiz.exe . . . is infected!!
.
c:\windows\SysWOW64\netsh.exe . . . is infected!!
.
c:\windows\SysWOW64\NETSTAT.EXE . . . is infected!!
.
c:\windows\SysWOW64\newdev.exe . . . is infected!!
.
c:\windows\SysWOW64\nslookup.exe . . . is infected!!
.
c:\windows\SysWOW64\ocsetup.exe . . . is infected!!
.
c:\windows\SysWOW64\odbcad32.exe . . . is infected!!
.
c:\windows\SysWOW64\odbcconf.exe . . . is infected!!
.
c:\windows\SysWOW64\OptionalFeatures.exe . . . is infected!!
.
c:\windows\SysWOW64\osk.exe . . . is infected!!
.
c:\windows\SysWOW64\PATHPING.EXE . . . is infected!!
.
c:\windows\SysWOW64\pcaui.exe . . . is infected!!
.
c:\windows\SysWOW64\PING.EXE . . . is infected!!
.
c:\windows\SysWOW64\powercfg.exe . . . is infected!!
.
c:\windows\SysWOW64\print.exe . . . is infected!!
.
c:\windows\SysWOW64\printui.exe . . . is infected!!
.
c:\windows\SysWOW64\proquota.exe . . . is infected!!
.
c:\windows\SysWOW64\PushPrinterConnections.exe . . . is infected!!
.
c:\windows\SysWOW64\rasautou.exe . . . is infected!!
.
c:\windows\SysWOW64\rasdial.exe . . . is infected!!
.
c:\windows\SysWOW64\raserver.exe . . . is infected!!
.
c:\windows\SysWOW64\rasphone.exe . . . is infected!!
.
c:\windows\SysWOW64\rdrleakdiag.exe . . . is infected!!
.
c:\windows\SysWOW64\ReAgentc.exe . . . is infected!!
.
c:\windows\SysWOW64\recover.exe . . . is infected!!
.
c:\windows\SysWOW64\reg.exe . . . is infected!!
.
c:\windows\SysWOW64\regedt32.exe . . . is infected!!
.
c:\windows\SysWOW64\regini.exe . . . is infected!!
.
c:\windows\SysWOW64\regsvr32.exe . . . is infected!!
.
c:\windows\SysWOW64\relog.exe . . . is infected!!
.
c:\windows\SysWOW64\replace.exe . . . is infected!!
.
c:\windows\SysWOW64\resmon.exe . . . is infected!!
.
c:\windows\SysWOW64\RMActivate.exe . . . is infected!!
.
c:\windows\SysWOW64\RMActivate_isv.exe . . . is infected!!
.
c:\windows\SysWOW64\RMActivate_ssp.exe . . . is infected!!
.
c:\windows\SysWOW64\RMActivate_ssp_isv.exe . . . is infected!!
.
c:\windows\SysWOW64\RmClient.exe . . . is infected!!
.
c:\windows\SysWOW64\Robocopy.exe . . . is infected!!
.
c:\windows\SysWOW64\ROUTE.EXE . . . is infected!!
.
c:\windows\SysWOW64\RpcPing.exe . . . is infected!!
.
c:\windows\SysWOW64\rrinstaller.exe . . . is infected!!
.
c:\windows\SysWOW64\runas.exe . . . is infected!!
.
c:\windows\SysWOW64\rundll32.exe . . . is infected!!
.
c:\windows\SysWOW64\RunLegacyCPLElevated.exe . . . is infected!!
.
c:\windows\SysWOW64\runonce.exe . . . is infected!!
.
c:\windows\SysWOW64\sbunattend.exe . . . is infected!!
.
c:\windows\SysWOW64\sc.exe . . . is infected!!
.
c:\windows\SysWOW64\schtasks.exe . . . is infected!!
.
c:\windows\SysWOW64\sdbinst.exe . . . is infected!!
.
c:\windows\SysWOW64\sdchange.exe . . . is infected!!
.
c:\windows\SysWOW64\sdiagnhost.exe . . . is infected!!
.
c:\windows\SysWOW64\SecEdit.exe . . . is infected!!
.
c:\windows\SysWOW64\secinit.exe . . . is infected!!
.
c:\windows\SysWOW64\setupugc.exe . . . is infected!!
.
c:\windows\SysWOW64\sfc.exe . . . is infected!!
.
c:\windows\SysWOW64\shrpubw.exe . . . is infected!!
.
c:\windows\SysWOW64\shutdown.exe . . . is infected!!
.
c:\windows\SysWOW64\SndVol.exe . . . is infected!!
.
c:\windows\SysWOW64\sort.exe . . . is infected!!
.
c:\windows\SysWOW64\subst.exe . . . is infected!!
.
c:\windows\SysWOW64\sxstrace.exe . . . is infected!!
.
c:\windows\SysWOW64\SyncHost.exe . . . is infected!!
.
c:\windows\SysWOW64\syskey.exe . . . is infected!!
.
c:\windows\SysWOW64\SystemPropertiesAdvanced.exe . . . is infected!!
.
c:\windows\SysWOW64\SystemPropertiesComputerName.exe . . . is infected!!
.
c:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe . . . is infected!!
.
c:\windows\SysWOW64\SystemPropertiesHardware.exe . . . is infected!!
.
c:\windows\SysWOW64\SystemPropertiesPerformance.exe . . . is infected!!
.
c:\windows\SysWOW64\SystemPropertiesProtection.exe . . . is infected!!
.
c:\windows\SysWOW64\SystemPropertiesRemote.exe . . . is infected!!
.
c:\windows\SysWOW64\systray.exe . . . is infected!!
.
c:\windows\SysWOW64\takeown.exe . . . is infected!!
.
c:\windows\SysWOW64\TapiUnattend.exe . . . is infected!!
.
c:\windows\SysWOW64\taskeng.exe . . . is infected!!
.
c:\windows\SysWOW64\taskmgr.exe . . . is infected!!
.
c:\windows\SysWOW64\tcmsetup.exe . . . is infected!!
.
c:\windows\SysWOW64\TCPSVCS.EXE . . . is infected!!
.
c:\windows\SysWOW64\timeout.exe . . . is infected!!
.
c:\windows\SysWOW64\TpmInit.exe . . . is infected!!
.
c:\windows\SysWOW64\TRACERT.EXE . . . is infected!!
.
c:\windows\SysWOW64\TSTheme.exe . . . is infected!!
.
c:\windows\SysWOW64\typeperf.exe . . . is infected!!
.
c:\windows\SysWOW64\tzutil.exe . . . is infected!!
.
c:\windows\SysWOW64\unlodctr.exe . . . is infected!!
.
c:\windows\SysWOW64\unregmp2.exe . . . is infected!!
.
c:\windows\SysWOW64\upnpcont.exe . . . is infected!!
.
c:\windows\SysWOW64\UserAccountControlSettings.exe . . . is infected!!
.
c:\windows\SysWOW64\com\comrepl.exe . . . is infected!!
.
c:\windows\SysWOW64\com\MigRegDB.exe . . . is infected!!
.
c:\windows\SysWOW64\Dism\DismHost.exe . . . is infected!!
.
c:\windows\SysWOW64\IME\IMEJP10\IMJPDADM.EXE . . . is infected!!
.
c:\windows\SysWOW64\IME\IMEJP10\IMJPDCT.EXE . . . is infected!!
.
c:\windows\SysWOW64\IME\IMEJP10\IMJPDSVR.EXE . . . is infected!!
.
c:\windows\SysWOW64\IME\IMEJP10\IMJPMGR.EXE . . . is infected!!
.
c:\windows\SysWOW64\IME\IMEJP10\imjppdmg.exe . . . is infected!!
.
c:\windows\SysWOW64\IME\IMEJP10\IMJPUEX.EXE . . . is infected!!
.
c:\windows\SysWOW64\IME\IMEJP10\imjpuexc.exe . . . is infected!!
.
c:\windows\SysWOW64\IME\IMESC5\IMSCPROP.exe . . . is infected!!
.
c:\windows\SysWOW64\IME\IMETC10\IMTCPROP.exe . . . is infected!!
.
c:\windows\SysWOW64\IME\shared\IMCCPHR.exe . . . is infected!!
.
c:\windows\SysWOW64\IME\shared\IMEPADSV.EXE . . . is infected!!
.
c:\windows\SysWOW64\migwiz\mighost.exe . . . is infected!!
.
c:\windows\SysWOW64\migwiz\MigSetup.exe . . . is infected!!
.
c:\windows\SysWOW64\migwiz\migwiz.exe . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 20:15 . 2013-07-24 20:15 -------- d-----w- c:\users\VSLACK\AppData\Local\temp
2013-07-24 20:15 . 2013-07-24 20:15 -------- d-----w- c:\users\saladart\AppData\Local\temp
2013-07-24 20:15 . 2013-07-24 20:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-24 20:15 . 2013-07-24 20:15 -------- d-----w- c:\users\dtran\AppData\Local\temp
2013-07-24 20:15 . 2013-07-24 20:15 -------- d-----w- c:\users\dtran.MJECH\AppData\Local\temp
2013-07-24 20:15 . 2013-07-24 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-24 20:15 . 2013-07-24 20:15 -------- d-----w- c:\users\administrator\AppData\Local\temp
2013-07-24 20:15 . 2013-07-24 20:15 -------- d-----w- c:\users\Administrator.PHARMACY2\AppData\Local\temp
2013-07-24 14:33 . 2013-07-24 14:33 -------- d-----w- c:\users\administrator.MJECH\AppData\Local\Apple
2013-07-24 13:34 . 2013-07-24 16:23 -------- d-----w- c:\users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet
2013-07-24 03:38 . 2013-07-24 03:38 -------- d-----w- c:\users\administrator.MJECH\AppData\Roaming\SUPERAntiSpyware.com
2013-07-24 03:38 . 2013-07-24 03:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-24 03:38 . 2013-07-24 03:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-24 03:28 . 2013-07-24 03:35 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-24 01:06 . 2013-07-24 01:06 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0F65358-9E2F-4271-8BAE-A54AF58CCF76}\gapaengine.dll
2013-07-24 01:06 . 2013-07-02 06:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{128521BE-3305-44F0-968B-628515331AF9}\mpengine.dll
2013-07-24 01:04 . 2013-07-24 01:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-07-24 01:03 . 2013-07-24 01:04 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-24 00:57 . 2013-07-24 00:57 -------- d-----w- c:\users\administrator.MJECH\AppData\Local\Google
2013-07-24 00:55 . 2013-07-24 00:55 -------- d-----w- c:\windows\system32\appmgmt
2013-07-24 00:42 . 2013-07-24 00:42 -------- d-----w- c:\users\administrator.MJECH\AppData\Roaming\Roxio Burn
2013-07-16 14:28 . 2013-07-24 03:13 -------- d-----w- c:\program files\Google
2013-07-16 08:04 . 2013-07-16 08:06 -------- d-----w- c:\windows\system32\MRT
2013-07-10 01:09 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 01:08 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 01:08 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 00:18 . 2010-11-21 03:25 1504256 ----a-w- c:\windows\system32\wbengine.exe
2013-07-14 00:18 . 2010-11-21 03:23 1600512 ----a-w- c:\windows\system32\VSSVC.exe
2013-07-14 00:18 . 2010-11-21 03:23 533504 ----a-w- c:\windows\system32\vds.exe
2013-07-14 00:18 . 2009-07-13 23:47 203264 ----a-w- c:\windows\system32\wbem\WmiApSrv.exe
2013-07-14 00:18 . 2010-11-21 03:25 689152 ----a-w- c:\windows\system32\FXSSVC.exe
2013-07-14 00:18 . 2010-11-21 03:23 3524608 ----a-w- c:\windows\system32\sppsvc.exe
2013-07-14 00:18 . 2009-07-14 00:10 14336 ----a-w- c:\windows\system32\snmptrap.exe
2013-07-14 00:18 . 2009-07-13 23:59 141824 ----a-w- c:\windows\system32\msdtc.exe
2013-07-14 00:18 . 2009-07-13 23:52 40960 ----a-w- c:\windows\system32\UI0Detect.exe
2013-07-14 00:18 . 2009-07-14 00:08 79360 ----a-w- c:\windows\system32\alg.exe
2013-07-14 00:18 . 2009-07-13 23:40 192512 ----a-w- c:\windows\SysWow64\UserAccountControlSettings.exe
2013-07-14 00:18 . 2009-07-14 00:09 278528 ----a-w- c:\windows\SysWow64\unregmp2.exe
2013-07-14 00:18 . 2009-07-13 23:55 23552 ----a-w- c:\windows\SysWow64\upnpcont.exe
2013-07-14 00:18 . 2010-11-21 03:24 34304 ----a-w- c:\windows\SysWow64\unlodctr.exe
2013-07-14 00:18 . 2010-11-21 03:24 47616 ----a-w- c:\windows\SysWow64\tzutil.exe
2013-07-14 00:18 . 2009-07-13 23:19 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2013-07-14 00:18 . 2009-07-14 00:02 38912 ----a-w- c:\windows\SysWow64\TSTheme.exe
2013-07-14 00:18 . 2009-07-13 23:55 12288 ----a-w- c:\windows\SysWow64\TRACERT.EXE
2013-07-14 00:18 . 2009-07-13 23:20 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2013-07-14 00:18 . 2009-07-13 23:15 27136 ----a-w- c:\windows\SysWow64\timeout.exe
2013-07-14 00:18 . 2009-07-13 23:12 94720 ----a-w- c:\windows\SysWow64\TpmInit.exe
2013-07-14 00:18 . 2009-07-13 23:55 9216 ----a-w- c:\windows\SysWow64\TCPSVCS.EXE
2013-07-14 00:18 . 2009-07-14 00:19 13824 ----a-w- c:\windows\SysWow64\tcmsetup.exe
2013-07-14 00:16 . 2010-11-21 03:23 227328 ----a-w- c:\windows\SysWow64\taskmgr.exe
2013-07-14 00:16 . 2009-07-14 00:13 108544 ----a-w- c:\windows\system32\tasklist.exe
2013-07-14 00:16 . 2010-11-21 03:23 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2013-07-14 00:16 . 2009-07-14 00:13 112640 ----a-w- c:\windows\system32\taskkill.exe
2013-07-14 00:16 . 2010-11-21 03:24 51200 ----a-w- c:\windows\SysWow64\takeown.exe
2013-07-14 00:16 . 2009-07-14 00:19 11264 ----a-w- c:\windows\SysWow64\TapiUnattend.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesRemote.exe
2013-07-14 00:16 . 2009-07-13 23:40 8192 ----a-w- c:\windows\SysWow64\systray.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesProtection.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesPerformance.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesHardware.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesDataExecutionPrevention.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesComputerName.exe
2013-07-14 00:16 . 2009-07-13 23:57 75776 ----a-w- c:\windows\SysWow64\systeminfo.exe
2013-07-14 00:16 . 2009-07-13 23:40 81920 ----a-w- c:\windows\SysWow64\SystemPropertiesAdvanced.exe
2013-07-14 00:16 . 2009-07-13 23:34 28672 ----a-w- c:\windows\SysWow64\syskey.exe
2013-07-14 00:16 . 2009-07-14 00:07 38912 ----a-w- c:\windows\SysWow64\SyncHost.exe
2013-07-14 00:16 . 2009-07-13 23:16 27136 ----a-w- c:\windows\SysWow64\sxstrace.exe
2013-07-14 00:16 . 2010-11-21 03:25 293888 ----a-w- c:\windows\SysWow64\ssText3d.scr
2013-07-14 00:16 . 2010-11-21 03:24 333824 ----a-w- c:\windows\system32\ssText3d.scr
2013-07-14 00:16 . 2009-07-13 23:15 13824 ----a-w- c:\windows\SysWow64\subst.exe
2013-07-14 00:13 . 2009-07-13 23:15 19968 ----a-w- c:\windows\SysWow64\sort.exe
2013-07-14 00:13 . 2010-11-21 03:24 314368 ----a-w- c:\windows\SysWow64\SndVol.exe
2013-07-14 00:12 . 2009-07-13 23:34 30720 ----a-w- c:\windows\SysWow64\shutdown.exe
2013-07-14 00:12 . 2009-07-13 23:31 391680 ----a-w- c:\windows\SysWow64\shrpubw.exe
2013-07-14 00:12 . 2009-07-13 23:15 35328 ----a-w- c:\windows\SysWow64\sfc.exe
2013-07-14 00:12 . 2009-07-13 23:15 46080 ----a-w- c:\windows\SysWow64\setx.exe
2013-07-14 00:12 . 2010-11-21 03:24 113152 ----a-w- c:\windows\SysWow64\setupugc.exe
2013-07-14 00:12 . 2013-03-19 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-14 00:12 . 2010-11-21 03:24 270336 ----a-w- c:\windows\SysWow64\sethc.exe
2013-07-14 00:12 . 2009-07-13 23:22 14848 ----a-w- c:\windows\SysWow64\secinit.exe
2013-07-14 00:12 . 2012-03-10 02:20 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2013-07-14 00:12 . 2009-07-13 23:33 35328 ----a-w- c:\windows\SysWow64\SecEdit.exe
2013-07-14 00:12 . 2012-03-10 02:20 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2013-07-14 00:12 . 2012-03-10 02:20 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2013-07-14 00:12 . 2009-07-13 23:20 40960 ----a-w- c:\windows\SysWow64\sdchange.exe
2013-07-14 00:12 . 2009-07-13 23:19 21504 ----a-w- c:\windows\SysWow64\sdiagnhost.exe
2013-07-14 00:12 . 2009-07-13 23:56 11264 ----a-w- c:\windows\system32\scrnsave.scr
2013-07-14 00:12 . 2009-07-13 23:12 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2013-07-14 00:12 . 2010-11-21 03:23 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2013-07-14 00:12 . 2009-07-13 23:41 10240 ----a-w- c:\windows\SysWow64\scrnsave.scr
2013-07-14 00:12 . 2009-07-13 23:40 12288 ----a-w- c:\windows\SysWow64\sbunattend.exe
2013-07-14 00:12 . 2009-07-13 23:19 37376 ----a-w- c:\windows\SysWow64\sc.exe
2013-07-14 00:12 . 2010-11-21 03:23 50688 ----a-w- c:\windows\SysWow64\runonce.exe
2013-07-14 00:12 . 2009-07-13 23:41 44544 ----a-w- c:\windows\SysWow64\rundll32.exe
2013-07-14 00:12 . 2009-07-13 23:41 57856 ----a-w- c:\windows\SysWow64\RunLegacyCPLElevated.exe
2013-07-14 00:12 . 2009-07-13 23:15 17408 ----a-w- c:\windows\SysWow64\runas.exe
2013-07-14 00:12 . 2009-07-14 00:04 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2013-07-14 00:12 . 2009-07-13 23:55 17920 ----a-w- c:\windows\SysWow64\ROUTE.EXE
2013-07-14 00:12 . 2009-07-13 23:43 34816 ----a-w- c:\windows\SysWow64\RpcPing.exe
2013-07-14 00:12 . 2010-11-21 03:24 98816 ----a-w- c:\windows\SysWow64\Robocopy.exe
2013-07-14 00:11 . 2010-11-21 03:24 278016 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-07-14 00:11 . 2009-07-13 23:22 14848 ----a-w- c:\windows\SysWow64\RmClient.exe
2013-07-14 00:11 . 2010-11-21 03:24 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
2013-07-14 00:11 . 2010-11-21 03:24 322048 ----a-w- c:\windows\SysWow64\RMActivate.exe
2013-07-14 00:11 . 2010-11-21 03:24 327168 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
2013-07-14 00:11 . 2010-11-21 03:25 220672 ----a-w- c:\windows\SysWow64\Ribbons.scr
2013-07-14 00:11 . 2010-11-21 03:24 241664 ----a-w- c:\windows\system32\Ribbons.scr
2013-07-14 00:11 . 2009-07-13 23:19 103424 ----a-w- c:\windows\SysWow64\resmon.exe
2013-07-14 00:11 . 2010-11-21 03:24 37888 ----a-w- c:\windows\SysWow64\relog.exe
2013-07-14 00:11 . 2009-07-13 23:15 16896 ----a-w- c:\windows\SysWow64\replace.exe
2013-07-14 00:11 . 2009-07-13 23:58 14848 ----a-w- c:\windows\SysWow64\regsvr32.exe
2013-07-14 00:11 . 2009-07-13 23:50 69120 ----a-w- c:\windows\system32\rekeywiz.exe
2013-07-14 00:11 . 2009-07-13 23:58 44032 ----a-w- c:\windows\SysWow64\regini.exe
2013-07-14 00:11 . 2009-07-13 23:26 74752 ----a-w- c:\windows\system32\reg.exe
2013-07-14 00:11 . 2009-07-13 23:15 9216 ----a-w- c:\windows\SysWow64\regedt32.exe
2013-07-14 00:11 . 2009-07-13 23:15 62464 ----a-w- c:\windows\SysWow64\reg.exe
2013-07-14 00:11 . 2009-07-13 23:15 11776 ----a-w- c:\windows\SysWow64\recover.exe
2013-07-14 00:11 . 2010-11-21 03:24 22016 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2013-07-14 00:11 . 2009-07-13 23:20 36352 ----a-w- c:\windows\SysWow64\rdrleakdiag.exe
2013-07-14 00:11 . 2009-07-13 23:54 50176 ----a-w- c:\windows\SysWow64\rasphone.exe
2013-07-14 00:11 . 2009-07-13 23:20 101888 ----a-w- c:\windows\SysWow64\raserver.exe
2013-07-14 00:11 . 2009-07-13 23:54 73216 ----a-w- c:\windows\SysWow64\rasdial.exe
2013-07-14 00:11 . 2009-07-13 23:54 16896 ----a-w- c:\windows\SysWow64\rasautou.exe
2013-07-14 00:11 . 2010-11-21 03:24 51200 ----a-w- c:\windows\SysWow64\PushPrinterConnections.exe
2013-07-14 00:10 . 2009-07-13 23:33 732672 ----a-w- c:\windows\system32\psr.exe
2013-07-14 00:10 . 2010-11-21 03:24 28672 ----a-w- c:\windows\SysWow64\proquota.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-07-13 . EBC8DA81C3E3C09359D827FC08FF1EE8 . 755200 . . [10.00.9200.16521] .. c:\windows\erdnt\cache86\iexplore.exe
[-] 2013-07-12 . 100907FD813A016A74636EB65578DA8C . 755200 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[7] 2013-06-12 . 2A5F565327BFD679EC5F790DC15BBF25 . 770648 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[7] 2013-05-17 . 07DFD28E57879554D054464EE4A5662D . 770648 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
[7] 2013-05-17 . 3902E280F6117A468D5573343A7AA1F6 . 770648 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
[7] 2013-04-05 . AAD90795E84E710543C6C7C2F7048E30 . 770608 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
[7] 2013-04-05 . 2DC6BD1047553611DAEF97C751131A5D . 770624 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_0a122b746c443b42\iexplore.exe
[7] 2013-03-19 . 2859EBC065D2E1CCC94161CE28BAC085 . 770560 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_20e4a040529a2792\iexplore.exe
[7] 2013-02-24 . A11C5E3E288256C540B7ED8BE3A04B01 . 770624 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_0a0de5f46c4822c9\iexplore.exe
[7] 2013-02-21 . E4F6125ED5185F8FA37CC4F449B85526 . 770608 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe
[7] 2013-02-02 . DDE5A0DFAF7C6370FB36402D7A746ED3 . 757296 . . [9.00.8112.16470] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[7] 2013-02-02 . A285E1965C115031DA02B777EE9D7689 . 757280 . . [9.00.8112.20580] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[7] 2013-01-08 . 698EB1E5F8C66344D97C00B5699E871D . 757280 . . [9.00.8112.16464] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[7] 2013-01-08 . F05982E56ABD835AA8DF260EEC873E5B . 757280 . . [9.00.8112.20573] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[7] 2012-11-14 . 0D286C0FE561D1A7EB30E83A0FF305B2 . 757296 . . [9.00.8112.16457] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[7] 2012-11-14 . F691418EE9A6344AEB5C1B0518FBF8AE . 757280 . . [9.00.8112.20565] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[7] 2012-10-08 . 270A1342BD5AF95CA25A586B4C2F1522 . 748704 . . [9.00.8112.16455] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[7] 2012-10-08 . CECB15F834FC2B4B150449717ADE18DD . 748704 . . [9.00.8112.20562] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[7] 2012-08-24 . 62188720CE27B982B4285C03163C9FB3 . 748680 . . [9.00.8112.20557] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[7] 2012-08-24 . 22CC6CDBA678790046693654C3B212E4 . 748680 . . [9.00.8112.16450] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[7] 2012-06-29 . 93569D46D79F9756ED077156496AFE23 . 748664 . . [9.00.8112.16448] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[7] 2012-06-28 . EB4105348272018D096FEB655CD1608C . 748664 . . [9.00.8112.20554] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[7] 2012-06-02 . 34B01BBD8F00B6B9C9248DC4F1E3CD01 . 748664 . . [9.00.8112.16447] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[7] 2012-06-02 . BE967C74B89577B78FB57C061E12B04C . 748664 . . [9.00.8112.20553] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[7] 2012-05-17 . 0129BB16161C2FD9A6B19111AB047198 . 748664 . . [9.00.8112.16446] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[7] 2012-05-17 . 268982F1FD671A077C6A2AF41E351436 . 748664 . . [9.00.8112.20551] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
[7] 2012-03-10 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[7] 2010-11-21 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-07-11 31232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2013-07-12 233472]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-05-31 2845720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-07-12 53248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2013-07-13 242176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe;c:\windows\SYSNATIVE\DKabcoms.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 20:18]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 20:18]
.
2013-07-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2728ee49-cf6a-401d-b18e-3abdd102c16b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-07-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a541f495-27d5-4f8e-9581-369d67f974df.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.200.176.49 10.200.176.47 24.93.41.125 24.93.41.126
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://10.200.176.251/webrec.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2277288043-3767098876-1018027061-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2277288043-3767098876-1018027061-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:42,7b,32,96,4b,56,ce,01
.
[HKEY_USERS\S-1-5-21-2277288043-3767098876-1018027061-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f1,e5,58,81,87,d8,4d,af,4d,ab,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue.exe
.
**************************************************************************
.
Completion time: 2013-07-24  15:35:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-24 20:35
ComboFix2.txt  2013-07-24 17:12
ComboFix3.txt  2013-07-24 16:18
ComboFix4.txt  2013-07-24 15:34
ComboFix5.txt  2013-07-24 20:00
.
Pre-Run: 161,577,889,792 bytes free
Post-Run: 161,492,377,600 bytes free
.
- - End Of File - - 5F90A4BF48B79A3107B6224CA510050A
5C616939100B85E558DA92B899A0FC36

#4 SALADART
Posted 24 July 2013 - 11:09 PM

Found another tool that hopefully will help in resolving this issue - FARBAR Log File:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by Administrator (administrator) on 24-07-2013 22:47:16
Running from C:\Downloads\FARBAR Scan Tool
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(LogMeIn, Inc.) C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Users\administrator.MJECH\Downloads\Windows-KB890830-x64-V5.2.exe
(Microsoft Corporation) c:\4bbb2a826687fd53d88d1507\mrtstub.exe
(Microsoft Corporation) C:\Windows\system32\MRT.exe
(LogMeIn, Inc.) C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [31232 2013-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [233472 2013-07-11] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] - "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [2845720 2013-05-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [53248 2013-07-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\dtran.MJECH\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [242176 2013-07-13] (Adobe Systems, Inc.)
HKU\dtran.MJECH\...\RunOnce: [Report] - C:\AdwCleaner[S1].txt [752 2013-07-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={38D95CC2-F4D4-11E2-8A1D-D4BED9C6179A}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={38D95CC2-F4D4-11E2-8A1D-D4BED9C6179A}
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope {389D282A-4370-4548-9AC1-7C621BA4069A} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM - {389D282A-4370-4548-9AC1-7C621BA4069A} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={38D95CC2-F4D4-11E2-8A1D-D4BED9C6179A}
SearchScopes: HKLM-x32 - {389D282A-4370-4548-9AC1-7C621BA4069A} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={38D95CC2-F4D4-11E2-8A1D-D4BED9C6179A}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={38D95CC2-F4D4-11E2-8A1D-D4BED9C6179A}&crg=3.5000006.10045&st=23
SearchScopes: HKCU - {389D282A-4370-4548-9AC1-7C621BA4069A} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={38D95CC2-F4D4-11E2-8A1D-D4BED9C6179A}&crg=3.5000006.10045&st=23
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
BHO: Updater By SweetPacks - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Updater By SweetPacks - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} http://10.200.176.251/webrec.cab
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 10.200.176.49 10.200.176.47 24.93.41.125 24.93.41.126

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S2 dkab_device; C:\Windows\system32\DKabcoms.exe [1049328 2009-08-03] ( )
R2 LMIRescue_ddf1a4ef-5dce-4461-abcb-348817dc71cb; C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe [2570592 2013-07-24] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1789256 2013-05-30] (Trend Micro Inc.)
S2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2013-07-12] (Trend Micro Inc.)
S3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-03-13] (Trend Micro Inc.)
S2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [1991376 2013-07-01] (Trend Micro Inc.)
S3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [585728 2013-07-14] (Trend Micro Inc.)
S3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-07-01] ()

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
S2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
S2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
S2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-24 22:44 - 2013-07-24 22:44 - 00000000 ____D C:\FRST
2013-07-24 22:35 - 2013-07-24 22:35 - 21728904 _____ (Microsoft Corporation) C:\Users\administrator.MJECH\Downloads\Windows-KB890830-x64-V5.2.exe
2013-07-24 22:35 - 2013-07-24 22:35 - 00000000 ____D C:\4bbb2a826687fd53d88d1507
2013-07-24 22:31 - 2013-07-24 22:34 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\administrator.MJECH\Desktop\rkill.exe
2013-07-24 22:20 - 2013-07-24 22:34 - 00002740 _____ C:\Users\administrator.MJECH\Desktop\Rkill.txt
2013-07-24 21:46 - 2013-07-24 21:46 - 00000000 ____D C:\Program Files\Updater By SweetPacks
2013-07-24 21:45 - 2013-07-24 21:45 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-07-24 21:45 - 2013-07-24 21:45 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-07-24 21:45 - 2013-07-24 21:45 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-07-24 21:45 - 2013-07-24 21:45 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-07-24 21:45 - 2013-07-17 11:20 - 01648432 _____ C:\Windows\system32\dmwu.exe
2013-07-24 21:45 - 2013-07-17 11:17 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll
2013-07-24 21:45 - 2013-07-04 02:11 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-07-24 21:45 - 2013-07-04 02:11 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-07-24 21:44 - 2013-07-24 21:44 - 00436309 _____ C:\Users\administrator.MJECH\Downloads\pscan13.exe
2013-07-24 21:44 - 2013-07-24 21:44 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner
2013-07-24 21:44 - 2013-07-24 21:44 - 00000000 ____D C:\Program Files (x86)\Advanced Port Scanner
2013-07-24 19:17 - 2013-07-24 19:17 - 00015515 _____ C:\Users\administrator.MJECH\Desktop\attach.txt
2013-07-24 19:17 - 2013-07-24 19:16 - 00020384 _____ C:\Users\administrator.MJECH\Desktop\dds.txt
2013-07-24 19:11 - 2013-07-24 19:11 - 00688992 ____R (Swearware) C:\Users\administrator.MJECH\Desktop\dds.com
2013-07-24 15:49 - 2013-07-24 15:49 - 00000937 _____ C:\AdwCleaner[R4].txt
2013-07-24 15:35 - 2013-07-24 15:35 - 00066282 _____ C:\ComboFix.txt
2013-07-24 12:52 - 2013-07-24 12:52 - 00000897 _____ C:\AdwCleaner[S2].txt
2013-07-24 12:52 - 2013-07-24 12:52 - 00000838 _____ C:\AdwCleaner[R3].txt
2013-07-24 09:33 - 2013-07-24 09:33 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Local\Apple
2013-07-24 08:34 - 2013-07-24 15:45 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet
2013-07-23 22:38 - 2013-07-23 22:38 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-23 22:38 - 2013-07-23 22:38 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a541f495-27d5-4f8e-9581-369d67f974df.job
2013-07-23 22:38 - 2013-07-23 22:38 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2728ee49-cf6a-401d-b18e-3abdd102c16b.job
2013-07-23 22:38 - 2013-07-23 22:38 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Roaming\SUPERAntiSpyware.com
2013-07-23 22:38 - 2013-07-23 22:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-23 22:38 - 2013-07-23 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-23 22:28 - 2013-07-23 22:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-23 20:04 - 2013-07-23 20:04 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-23 20:04 - 2013-07-23 20:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-23 20:03 - 2013-07-23 20:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-23 19:57 - 2013-07-23 19:57 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Local\Google
2013-07-23 19:55 - 2013-07-23 19:55 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-23 19:42 - 2013-07-23 19:42 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Roaming\Roxio Burn
2013-07-23 19:29 - 2013-07-23 19:29 - 00000752 _____ C:\AdwCleaner[S1].txt
2013-07-23 19:29 - 2013-07-23 19:29 - 00000693 _____ C:\AdwCleaner[R2].txt
2013-07-23 19:28 - 2013-07-23 19:28 - 00000634 _____ C:\AdwCleaner[R1].txt
2013-07-23 19:25 - 2013-07-23 19:26 - 00008052 _____ C:\Users\dtran.MJECH\Desktop\Rkill.txt
2013-07-23 19:25 - 2013-07-23 19:25 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\dtran.MJECH\Downloads\mbam-setup.exe
2013-07-16 09:28 - 2013-07-23 22:13 - 00000000 ____D C:\Program Files\Google
2013-07-16 09:27 - 2013-07-16 09:27 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-16 03:04 - 2013-07-16 03:06 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 14:12 - 2013-07-11 14:12 - 00002214 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-10 03:06 - 2013-07-13 19:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 03:06 - 2013-06-11 22:26 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 03:06 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 03:06 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 03:06 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 03:06 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 03:06 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 03:06 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 03:06 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 03:06 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 03:06 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 03:06 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 03:06 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 03:06 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 03:06 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 03:06 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 03:06 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 03:06 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 03:06 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 03:06 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 03:06 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 03:06 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 20:09 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 20:09 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 20:09 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 20:09 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 20:09 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 20:08 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 20:08 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-02 10:50 - 2013-07-23 14:43 - 00175104 _____ C:\Users\dtran.MJECH\Desktop\July 2013 EOM.xls

==================== One Month Modified Files and Folders =======

2013-07-24 22:44 - 2013-07-24 22:44 - 00000000 ____D C:\FRST
2013-07-24 22:35 - 2013-07-24 22:35 - 21728904 _____ (Microsoft Corporation) C:\Users\administrator.MJECH\Downloads\Windows-KB890830-x64-V5.2.exe
2013-07-24 22:35 - 2013-07-24 22:35 - 00000000 ____D C:\4bbb2a826687fd53d88d1507
2013-07-24 22:34 - 2013-07-24 22:31 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\administrator.MJECH\Desktop\rkill.exe
2013-07-24 22:34 - 2013-07-24 22:20 - 00002740 _____ C:\Users\administrator.MJECH\Desktop\Rkill.txt
2013-07-24 22:32 - 2009-07-14 00:13 - 01034360 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 22:27 - 2012-03-26 16:26 - 00000240 _____ C:\Windows\system32\config\netlogon.ftl
2013-07-24 22:26 - 2013-01-08 18:00 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-24 22:26 - 2012-03-09 19:29 - 02071958 _____ C:\Windows\WindowsUpdate.log
2013-07-24 21:46 - 2013-07-24 21:46 - 00000000 ____D C:\Program Files\Updater By SweetPacks
2013-07-24 21:45 - 2013-07-24 21:45 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-07-24 21:45 - 2013-07-24 21:45 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-07-24 21:45 - 2013-07-24 21:45 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-07-24 21:45 - 2013-07-24 21:45 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-07-24 21:44 - 2013-07-24 21:44 - 00436309 _____ C:\Users\administrator.MJECH\Downloads\pscan13.exe
2013-07-24 21:44 - 2013-07-24 21:44 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner
2013-07-24 21:44 - 2013-07-24 21:44 - 00000000 ____D C:\Program Files (x86)\Advanced Port Scanner
2013-07-24 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-07-24 20:26 - 2013-01-08 18:00 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 19:17 - 2013-07-24 19:17 - 00015515 _____ C:\Users\administrator.MJECH\Desktop\attach.txt
2013-07-24 19:16 - 2013-07-24 19:17 - 00020384 _____ C:\Users\administrator.MJECH\Desktop\dds.txt
2013-07-24 19:11 - 2013-07-24 19:11 - 00688992 ____R (Swearware) C:\Users\administrator.MJECH\Desktop\dds.com
2013-07-24 17:19 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 17:19 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 17:10 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 17:10 - 2009-07-13 23:51 - 00043023 _____ C:\Windows\setupact.log
2013-07-24 15:54 - 2010-11-20 22:47 - 00071102 _____ C:\Windows\PFRO.log
2013-07-24 15:49 - 2013-07-24 15:49 - 00000937 _____ C:\AdwCleaner[R4].txt
2013-07-24 15:45 - 2013-07-24 08:34 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Local\LogMeIn Rescue Applet
2013-07-24 15:35 - 2013-07-24 15:35 - 00066282 _____ C:\ComboFix.txt
2013-07-24 15:35 - 2012-12-12 14:41 - 00000000 ____D C:\Qoobox
2013-07-24 15:31 - 2012-12-12 14:41 - 00000000 ____D C:\Windows\erdnt
2013-07-24 15:31 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-07-24 15:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-07-24 12:52 - 2013-07-24 12:52 - 00000897 _____ C:\AdwCleaner[S2].txt
2013-07-24 12:52 - 2013-07-24 12:52 - 00000838 _____ C:\AdwCleaner[R3].txt
2013-07-24 10:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2013-07-24 10:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\com
2013-07-24 09:33 - 2013-07-24 09:33 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Local\Apple
2013-07-24 09:33 - 2012-12-12 12:30 - 00000000 ____D C:\Users\dtran.MJECH\AppData\Local\LogMeIn Rescue Applet
2013-07-24 09:18 - 2012-03-26 16:28 - 00006666 __RSH C:\ProgramData\ntuser.pol
2013-07-24 09:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-07-23 22:38 - 2013-07-23 22:38 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-23 22:38 - 2013-07-23 22:38 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a541f495-27d5-4f8e-9581-369d67f974df.job
2013-07-23 22:38 - 2013-07-23 22:38 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2728ee49-cf6a-401d-b18e-3abdd102c16b.job
2013-07-23 22:38 - 2013-07-23 22:38 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Roaming\SUPERAntiSpyware.com
2013-07-23 22:38 - 2013-07-23 22:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-23 22:38 - 2013-07-23 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-23 22:35 - 2013-07-23 22:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-23 22:13 - 2013-07-16 09:28 - 00000000 ____D C:\Program Files\Google
2013-07-23 22:13 - 2013-01-08 18:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-23 20:04 - 2013-07-23 20:04 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-23 20:04 - 2013-07-23 20:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-23 20:04 - 2013-07-23 20:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-23 19:57 - 2013-07-23 19:57 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Local\Google
2013-07-23 19:55 - 2013-07-23 19:55 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-23 19:42 - 2013-07-23 19:42 - 00000000 ____D C:\Users\administrator.MJECH\AppData\Roaming\Roxio Burn
2013-07-23 19:34 - 2012-05-02 11:52 - 00001415 _____ C:\Users\administrator.MJECH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-23 19:34 - 2012-05-02 11:52 - 00000000 ___RD C:\Users\administrator.MJECH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-23 19:34 - 2012-05-02 11:52 - 00000000 ___RD C:\Users\administrator.MJECH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-23 19:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-23 19:29 - 2013-07-23 19:29 - 00000752 _____ C:\AdwCleaner[S1].txt
2013-07-23 19:29 - 2013-07-23 19:29 - 00000693 _____ C:\AdwCleaner[R2].txt
2013-07-23 19:28 - 2013-07-23 19:28 - 00000634 _____ C:\AdwCleaner[R1].txt
2013-07-23 19:26 - 2013-07-23 19:25 - 00008052 _____ C:\Users\dtran.MJECH\Desktop\Rkill.txt
2013-07-23 19:25 - 2013-07-23 19:25 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\dtran.MJECH\Downloads\mbam-setup.exe
2013-07-23 19:20 - 2012-03-26 16:49 - 00000000 ____D C:\Users\dtran.MJECH\Documents\Outlook
2013-07-23 14:43 - 2013-07-02 10:50 - 00175104 _____ C:\Users\dtran.MJECH\Desktop\July 2013 EOM.xls
2013-07-21 11:47 - 2013-01-22 12:36 - 00000000 _____ C:\Windows\system32\DAC_ELIST
2013-07-17 11:20 - 2013-07-24 21:45 - 01648432 _____ C:\Windows\system32\dmwu.exe
2013-07-17 11:17 - 2013-07-24 21:45 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll
2013-07-16 15:54 - 2012-05-02 11:34 - 00000000 ____D C:\Users\dtran.MJECH\AppData\Roaming\Adobe
2013-07-16 15:23 - 2012-09-13 11:58 - 00000000 ____D C:\Users\dtran.MJECH\AppData\Local\join.me
2013-07-16 09:27 - 2013-07-16 09:27 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-16 09:27 - 2012-03-09 19:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-16 09:26 - 2012-03-09 19:55 - 00000000 ____D C:\ProgramData\Adobe
2013-07-16 09:25 - 2012-05-02 11:34 - 00000000 ____D C:\Users\dtran.MJECH\AppData\Local\Adobe
2013-07-16 03:06 - 2013-07-16 03:04 - 00000000 ____D C:\Windows\system32\MRT
2013-07-16 03:04 - 2011-02-10 09:33 - 01013822 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-15 19:57 - 2012-03-09 20:06 - 00052528 _____ C:\Windows\system32\TmInstall.log
2013-07-13 19:18 - 2010-11-20 22:25 - 01504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2013-07-13 19:18 - 2010-11-20 22:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2013-07-13 19:18 - 2010-11-20 22:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
2013-07-13 19:18 - 2010-11-20 22:24 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe
2013-07-13 19:18 - 2010-11-20 22:23 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-07-13 19:18 - 2010-11-20 22:23 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-07-13 19:18 - 2010-11-20 22:23 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-13 19:18 - 2009-07-13 19:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcmsetup.exe
2013-07-13 19:18 - 2009-07-13 19:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2013-07-13 19:18 - 2009-07-13 19:09 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unregmp2.exe
2013-07-13 19:18 - 2009-07-13 19:08 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\alg.exe
2013-07-13 19:18 - 2009-07-13 19:02 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSTheme.exe
2013-07-13 19:18 - 2009-07-13 18:59 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\msdtc.exe
2013-07-13 19:18 - 2009-07-13 18:55 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
2013-07-13 19:18 - 2009-07-13 18:55 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRACERT.EXE
2013-07-13 19:18 - 2009-07-13 18:55 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TCPSVCS.EXE
2013-07-13 19:18 - 2009-07-13 18:52 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
2013-07-13 19:18 - 2009-07-13 18:40 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountControlSettings.exe
2013-07-13 19:18 - 2009-07-13 18:20 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2013-07-13 19:18 - 2009-07-13 18:19 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2013-07-13 19:18 - 2009-07-13 18:15 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe
2013-07-13 19:18 - 2009-07-13 18:12 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmInit.exe
2013-07-13 19:16 - 2010-11-20 22:25 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssText3d.scr
2013-07-13 19:16 - 2010-11-20 22:24 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2013-07-13 19:16 - 2010-11-20 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\takeown.exe
2013-07-13 19:16 - 2010-11-20 22:23 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2013-07-13 19:16 - 2010-11-20 22:23 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2013-07-13 19:16 - 2009-07-13 19:19 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TapiUnattend.exe
2013-07-13 19:16 - 2009-07-13 19:13 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2013-07-13 19:16 - 2009-07-13 19:13 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe
2013-07-13 19:16 - 2009-07-13 19:07 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncHost.exe
2013-07-13 19:16 - 2009-07-13 18:57 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
2013-07-13 19:16 - 2009-07-13 18:40 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesRemote.exe
2013-07-13 19:16 - 2009-07-13 18:40 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesProtection.exe
2013-07-13 19:16 - 2009-07-13 18:40 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesPerformance.exe
2013-07-13 19:16 - 2009-07-13 18:40 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesHardware.exe
2013-07-13 19:16 - 2009-07-13 18:40 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe
2013-07-13 19:16 - 2009-07-13 18:40 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesComputerName.exe
2013-07-13 19:16 - 2009-07-13 18:40 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe
2013-07-13 19:16 - 2009-07-13 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
2013-07-13 19:16 - 2009-07-13 18:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syskey.exe
2013-07-13 19:16 - 2009-07-13 18:16 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxstrace.exe
2013-07-13 19:16 - 2009-07-13 18:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subst.exe
2013-07-13 19:13 - 2010-11-20 22:24 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2013-07-13 19:13 - 2009-07-13 18:15 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sort.exe
2013-07-13 19:12 - 2013-03-19 03:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-13 19:12 - 2012-03-09 21:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-07-13 19:12 - 2012-03-09 21:20 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-07-13 19:12 - 2012-03-09 21:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-07-13 19:12 - 2010-11-20 22:24 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2013-07-13 19:12 - 2010-11-20 22:24 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2013-07-13 19:12 - 2010-11-20 22:24 - 00098816 _____ (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
2013-07-13 19:12 - 2010-11-20 22:23 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2013-07-13 19:12 - 2010-11-20 22:23 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
2013-07-13 19:12 - 2009-07-13 19:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2013-07-13 19:12 - 2009-07-13 18:56 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\scrnsave.scr
2013-07-13 19:12 - 2009-07-13 18:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ROUTE.EXE
2013-07-13 19:12 - 2009-07-13 18:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcPing.exe
2013-07-13 19:12 - 2009-07-13 18:41 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RunLegacyCPLElevated.exe
2013-07-13 19:12 - 2009-07-13 18:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2013-07-13 19:12 - 2009-07-13 18:41 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrnsave.scr
2013-07-13 19:12 - 2009-07-13 18:40 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbunattend.exe
2013-07-13 19:12 - 2009-07-13 18:34 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shutdown.exe
2013-07-13 19:12 - 2009-07-13 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SecEdit.exe
2013-07-13 19:12 - 2009-07-13 18:31 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shrpubw.exe
2013-07-13 19:12 - 2009-07-13 18:22 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secinit.exe
2013-07-13 19:12 - 2009-07-13 18:20 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2013-07-13 19:12 - 2009-07-13 18:19 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sc.exe
2013-07-13 19:12 - 2009-07-13 18:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdiagnhost.exe
2013-07-13 19:12 - 2009-07-13 18:15 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setx.exe
2013-07-13 19:12 - 2009-07-13 18:15 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sfc.exe
2013-07-13 19:12 - 2009-07-13 18:15 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\runas.exe
2013-07-13 19:12 - 2009-07-13 18:12 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2013-07-13 19:11 - 2013-07-10 03:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 19:11 - 2010-11-20 22:25 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
2013-07-13 19:11 - 2010-11-20 22:24 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2013-07-13 19:11 - 2010-11-20 22:24 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2013-07-13 19:11 - 2010-11-20 22:24 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2013-07-13 19:11 - 2010-11-20 22:24 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2013-07-13 19:11 - 2010-11-20 22:24 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2013-07-13 19:11 - 2010-11-20 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PushPrinterConnections.exe
2013-07-13 19:11 - 2010-11-20 22:24 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2013-07-13 19:11 - 2010-11-20 22:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-07-13 19:11 - 2009-07-13 18:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regini.exe
2013-07-13 19:11 - 2009-07-13 18:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
2013-07-13 19:11 - 2009-07-13 18:54 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdial.exe
2013-07-13 19:11 - 2009-07-13 18:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasphone.exe
2013-07-13 19:11 - 2009-07-13 18:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasautou.exe
2013-07-13 19:11 - 2009-07-13 18:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\rekeywiz.exe
2013-07-13 19:11 - 2009-07-13 18:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\reg.exe
2013-07-13 19:11 - 2009-07-13 18:22 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RmClient.exe
2013-07-13 19:11 - 2009-07-13 18:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raserver.exe
2013-07-13 19:11 - 2009-07-13 18:20 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdrleakdiag.exe
2013-07-13 19:11 - 2009-07-13 18:19 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2013-07-13 19:11 - 2009-07-13 18:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\reg.exe
2013-07-13 19:11 - 2009-07-13 18:15 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\replace.exe
2013-07-13 19:11 - 2009-07-13 18:15 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\recover.exe
2013-07-13 19:11 - 2009-07-13 18:15 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regedt32.exe
2013-07-13 19:10 - 2012-03-09 21:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-07-13 19:10 - 2010-11-20 22:25 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2013-07-13 19:10 - 2010-11-20 22:25 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-07-13 19:10 - 2010-11-20 22:24 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2013-07-13 19:10 - 2010-11-20 22:24 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2013-07-13 19:10 - 2010-11-20 22:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\proquota.exe
2013-07-13 19:10 - 2009-07-13 19:18 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2013-07-13 19:10 - 2009-07-13 19:14 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2013-07-13 19:10 - 2009-07-13 19:10 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\PING.EXE
2013-07-13 19:10 - 2009-07-13 18:55 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE
2013-07-13 19:10 - 2009-07-13 18:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PATHPING.EXE
2013-07-13 19:10 - 2009-07-13 18:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OptionalFeatures.exe
2013-07-13 19:10 - 2009-07-13 18:33 - 00732672 _____ (Microsoft Corporation) C:\Windows\system32\psr.exe
2013-07-13 19:10 - 2009-07-13 18:20 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2013-07-13 19:10 - 2009-07-13 18:16 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.exe
2013-07-13 19:10 - 2009-07-13 18:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-07-13 19:10 - 2009-07-13 18:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\print.exe
2013-07-13 19:09 - 2010-11-20 22:24 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2013-07-13 19:09 - 2010-11-20 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2013-07-13 19:09 - 2009-07-13 19:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2013-07-13 19:09 - 2009-07-13 19:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.exe
2013-07-13 19:09 - 2009-07-13 19:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcad32.exe
2013-07-13 19:09 - 2009-07-13 18:55 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NETSTAT.EXE
2013-07-13 19:09 - 2009-07-13 18:54 - 00096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netsh.exe
2013-07-13 19:09 - 2009-07-13 18:41 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2013-07-13 19:09 - 2009-07-13 18:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Netplwiz.exe
2013-07-13 19:09 - 2009-07-13 18:16 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.exe
2013-07-13 19:08 - 2010-11-20 22:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mystify.scr
2013-07-13 19:08 - 2010-11-20 22:24 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-13 19:08 - 2010-11-20 22:24 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2013-07-13 19:08 - 2010-11-20 22:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2013-07-13 19:08 - 2010-11-20 22:24 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe
2013-07-13 19:08 - 2010-11-20 22:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiougc.exe
2013-07-13 19:08 - 2010-11-20 22:24 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2013-07-13 19:08 - 2010-11-20 22:23 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MuiUnattend.exe
2013-07-13 19:08 - 2009-07-13 18:58 - 06676480 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2013-07-13 19:08 - 2009-07-13 18:52 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
2013-07-13 19:08 - 2009-07-13 18:44 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtstocom.exe
2013-07-13 19:08 - 2009-07-13 18:37 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net.exe
2013-07-13 19:08 - 2009-07-13 18:20 - 00108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2013-07-13 19:08 - 2009-07-13 18:16 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndadmin.exe
2013-07-13 19:07 - 2013-03-19 03:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-13 19:07 - 2013-03-19 03:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-13 19:07 - 2010-11-20 22:25 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
2013-07-13 19:07 - 2009-07-13 18:55 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRINFO.EXE
2013-07-13 19:07 - 2009-07-13 18:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2013-07-13 19:07 - 2009-07-13 18:20 - 00983040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdt.exe
2013-07-13 19:07 - 2009-07-13 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mountvol.exe
2013-07-13 19:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-13 18:57 - 2010-11-20 22:23 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2013-07-13 18:57 - 2009-07-13 19:13 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-07-13 18:57 - 2009-07-13 19:03 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2013-07-13 18:57 - 2009-07-13 18:17 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2013-07-13 18:57 - 2009-07-13 18:12 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\makecab.exe
2013-07-13 18:56 - 2010-11-20 22:24 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2013-07-13 18:54 - 2012-03-26 16:20 - 00218624 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-13 18:54 - 2012-03-26 16:20 - 00168448 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-13 18:54 - 2012-03-26 16:20 - 00168448 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-13 18:54 - 2012-03-09 19:45 - 00246784 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-13 18:54 - 2012-03-09 19:45 - 00183296 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-13 18:54 - 2012-03-09 19:45 - 00183296 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-13 18:54 - 2010-11-20 22:24 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2013-07-13 18:54 - 2009-07-13 18:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationNotifications.exe
2013-07-13 18:54 - 2009-07-13 18:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lodctr.exe
2013-07-13 18:54 - 2009-07-13 18:15 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ktmutil.exe
2013-07-13 18:54 - 2009-07-13 18:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\label.exe
2013-07-13 18:53 - 2010-11-20 22:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2013-07-13 18:53 - 2010-11-20 22:24 - 00144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicli.exe
2013-07-13 18:53 - 2009-07-13 18:55 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipconfig.exe
2013-07-13 18:53 - 2009-07-13 18:46 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicpl.exe
2013-07-13 18:48 - 2009-07-13 18:16 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InfDefaultInstall.exe
2013-07-13 18:45 - 2013-03-19 03:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-13 18:45 - 2013-03-19 03:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-13 18:45 - 2009-07-13 19:36 - 00612864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2013-07-13 18:45 - 2009-07-13 18:55 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HOSTNAME.EXE
2013-07-13 18:45 - 2009-07-13 18:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icsunattend.exe
2013-07-13 18:45 - 2009-07-13 18:15 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icacls.exe
2013-07-13 18:45 - 2009-07-13 18:15 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\help.exe
2013-07-13 18:44 - 2012-03-09 21:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2013-07-13 18:44 - 2010-11-20 22:24 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findstr.exe
2013-07-13 18:44 - 2010-11-20 22:24 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2013-07-13 18:44 - 2009-07-13 19:12 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2013-07-13 18:44 - 2009-07-13 18:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\finger.exe
2013-07-13 18:44 - 2009-07-13 18:54 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe
2013-07-13 18:44 - 2009-07-13 18:41 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontview.exe
2013-07-13 18:44 - 2009-07-13 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\grpconv.exe
2013-07-13 18:44 - 2009-07-13 18:39 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpupdate.exe
2013-07-13 18:44 - 2009-07-13 18:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2013-07-13 18:44 - 2009-07-13 18:31 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\getmac.exe
2013-07-13 18:44 - 2009-07-13 18:16 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hdwwiz.exe
2013-07-13 18:44 - 2009-07-13 18:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\forfiles.exe
2013-07-13 18:44 - 2009-07-13 18:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\find.exe
2013-07-13 18:44 - 2009-07-13 18:14 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fltMC.exe
2013-07-13 18:43 - 2010-11-20 22:24 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2013-07-13 18:43 - 2009-07-13 18:32 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esentutl.exe
2013-07-13 18:43 - 2009-07-13 18:31 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcreate.exe
2013-07-13 18:43 - 2009-07-13 18:29 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventvwr.exe
2013-07-13 18:43 - 2009-07-13 18:15 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fc.exe
2013-07-13 18:43 - 2009-07-13 18:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\extrac32.exe
2013-07-13 18:43 - 2009-07-13 18:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\expand.exe
2013-07-13 18:33 - 2009-07-13 19:03 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe
2013-07-13 18:33 - 2009-07-13 19:03 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dvdplay.exe
2013-07-13 18:33 - 2009-07-13 18:46 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorAuthn.exe
2013-07-13 18:33 - 2009-07-13 18:33 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efsui.exe
2013-07-13 18:33 - 2009-07-13 18:28 - 00264704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2013-07-13 18:33 - 2009-07-13 18:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2013-07-13 18:33 - 2009-07-13 18:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2013-07-13 16:26 - 2009-07-13 19:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2013-07-13 16:26 - 2009-07-13 18:40 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DpiScaling.exe
2013-07-13 16:26 - 2009-07-13 18:32 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapimig.exe
2013-07-13 16:26 - 2009-07-13 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\driverquery.exe
2013-07-13 16:26 - 2009-07-13 18:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\doskey.exe
2013-07-13 16:25 - 2012-03-09 21:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2013-07-13 16:25 - 2011-08-30 23:05 - 00090112 _____ (Apple Inc.) C:\Windows\system32\dns-sd.exe
2013-07-13 16:25 - 2011-08-30 23:05 - 00077824 _____ (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2013-07-13 16:25 - 2010-11-20 22:24 - 00586752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2013-07-13 16:25 - 2010-11-20 22:24 - 00276480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskraid.exe
2013-07-13 16:25 - 2010-11-20 22:24 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2013-07-13 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-07-13 16:25 - 2009-07-13 19:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dialer.exe
2013-07-13 16:25 - 2009-07-13 18:44 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomcnfg.exe
2013-07-13 16:25 - 2009-07-13 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dllhst3g.exe
2013-07-13 16:25 - 2009-07-13 18:42 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-07-13 16:25 - 2009-07-13 18:42 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingWizard.exe
2013-07-13 16:25 - 2009-07-13 18:41 - 00309248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cttune.exe
2013-07-13 16:25 - 2009-07-13 18:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceProperties.exe
2013-07-13 16:25 - 2009-07-13 18:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cttunesvr.exe
2013-07-13 16:25 - 2009-07-13 18:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplaySwitch.exe
2013-07-13 16:25 - 2009-07-13 18:26 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ctfmon.exe
2013-07-13 16:25 - 2009-07-13 18:25 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dccw.exe
2013-07-13 16:25 - 2009-07-13 18:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ddodiag.exe
2013-07-13 16:25 - 2009-07-13 18:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2013-07-13 16:25 - 2009-07-13 18:18 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2013-07-13 16:25 - 2009-07-13 18:12 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diantz.exe
2013-07-13 16:24 - 2009-07-13 18:34 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credwiz.exe
2013-07-13 16:24 - 2009-07-13 18:15 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\convert.exe
2013-07-13 14:33 - 2013-06-12 03:06 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-13 14:33 - 2010-11-20 22:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2013-07-13 14:33 - 2010-11-20 22:24 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmstp.exe
2013-07-13 14:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-13 14:33 - 2009-07-13 19:12 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cliconfg.exe
2013-07-13 14:33 - 2009-07-13 18:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
2013-07-13 14:33 - 2009-07-13 18:54 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmdl32.exe
2013-07-13 14:33 - 2009-07-13 18:41 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2013-07-13 14:33 - 2009-07-13 18:40 - 00212480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cleanmgr.exe
2013-07-13 14:33 - 2009-07-13 18:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ComputerDefaults.exe
2013-07-13 14:33 - 2009-07-13 18:34 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmdkey.exe
2013-07-13 14:33 - 2009-07-13 18:33 - 00263168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certreq.exe
2013-07-13 14:33 - 2009-07-13 18:33 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2013-07-13 14:33 - 2009-07-13 18:25 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\colorcpl.exe
2013-07-13 14:33 - 2009-07-13 18:15 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cipher.exe
2013-07-13 14:33 - 2009-07-13 18:15 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\choice.exe
2013-07-13 14:33 - 2009-07-13 18:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clip.exe
2013-07-13 14:33 - 2009-07-13 18:15 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comp.exe
2013-07-13 14:33 - 2009-07-13 18:15 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compact.exe
2013-07-13 14:33 - 2009-07-13 18:15 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chkntfs.exe
2013-07-13 14:33 - 2009-07-13 18:15 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chkdsk.exe
2013-07-13 14:32 - 2010-11-20 22:25 - 00878592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
2013-07-13 14:32 - 2010-11-20 22:25 - 00776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2013-07-13 14:32 - 2010-11-20 22:24 - 00899584 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2013-07-13 14:32 - 2010-11-20 22:24 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsadmin.exe
2013-07-13 14:32 - 2009-07-13 18:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthudtask.exe
2013-07-13 14:32 - 2009-07-13 18:31 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bootcfg.exe
2013-07-13 14:32 - 2009-07-13 18:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cacls.exe
2013-07-13 14:31 - 2009-07-13 19:13 - 00029184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AtBroker.exe
2013-07-13 14:31 - 2009-07-13 18:55 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ARP.EXE
2013-07-13 14:31 - 2009-07-13 18:40 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdapterTroubleshooter.exe
2013-07-13 14:31 - 2009-07-13 18:37 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\at.exe
2013-07-13 14:31 - 2009-07-13 18:34 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2013-07-13 14:31 - 2009-07-13 18:15 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\attrib.exe
2013-07-13 14:04 - 2012-06-11 10:20 - 00003274 _____ C:\ProgramData\dkab.log
2013-07-13 02:08 - 2009-07-13 18:40 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\control.exe
2013-07-12 20:21 - 2013-01-08 18:00 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 20:21 - 2013-01-08 18:00 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 16:32 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-12 16:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-12 14:24 - 2012-05-13 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 06:29 - 2012-12-12 12:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 23:42 - 2012-06-14 10:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-11 19:04 - 2012-06-14 10:21 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-11 17:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-11 17:38 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-11 17:34 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 17:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 17:31 - 2012-05-13 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 17:01 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-11 15:18 - 2010-11-20 22:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2013-07-11 15:18 - 2009-07-13 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
2013-07-11 14:12 - 2013-07-11 14:12 - 00002214 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-11 14:12 - 2013-01-08 18:00 - 00000000 ____D C:\Users\dtran.MJECH\AppData\Local\Google
2013-07-10 10:05 - 2013-06-03 13:09 - 00175616 _____ C:\Users\dtran.MJECH\Desktop\June 2013 EOM.xls
2013-07-10 03:30 - 2009-07-13 23:45 - 00583464 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 03:28 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 03:13 - 2012-03-26 16:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-04 02:11 - 2013-07-24 21:45 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-07-04 02:11 - 2013-07-24 21:45 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-07-01 13:05 - 2013-05-01 15:58 - 00183808 _____ C:\Users\dtran.MJECH\Desktop\May 2013 EOM.xls
2013-07-01 13:05 - 2013-04-02 13:49 - 00175616 _____ C:\Users\dtran.MJECH\Desktop\April 2013 EOM report.xls
2013-06-24 11:50 - 2012-07-30 09:55 - 00000000 ____D C:\Users\dtran.MJECH\AppData\Local\Windows Live
2013-06-24 00:57 - 2012-12-20 04:02 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2012-03-09 21:20] - [2012-03-09 21:20] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {36b3316b-6a55-11e1-b036-d4bed9c6179a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {36b3316d-6a55-11e1-b036-d4bed9c6179a}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {36b3316b-6a55-11e1-b036-d4bed9c6179a}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {36b3316d-6a55-11e1-b036-d4bed9c6179a}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{36b3316e-6a55-11e1-b036-d4bed9c6179a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{36b3316e-6a55-11e1-b036-d4bed9c6179a}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {36b3316b-6a55-11e1-b036-d4bed9c6179a}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {36b3316e-6a55-11e1-b036-d4bed9c6179a}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

 

LastRegBack: 2013-07-23 00:15

==================== End Of Log ============================
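The "One Month Modified Files" listing above is the evidence behind the question in this thread: hundreds of executables under SysWOW64 and system32 carry a modified timestamp of 2013-07-13 while their creation dates are from 2009 to 2012. Whether that cluster is a patch run or something rewriting system binaries in bulk is what a responder has to decide, and the first step is to pull those lines out and group them by day so the day can be checked against the update history. The helper below is an added example, not part of FRST, ComboFix or the original post; `SAMPLE_LINES` is a handful of lines copied from the log above, and the 365-day age threshold and the `.exe/.dll/.sys/.scr` extension set are my own choices, not something the tool defines. It complements FRST's own "MD5 is legit" check on the core binaries by showing which other files in the system directories were touched and when.

```python
"""Triage helper for the FRST "One Month Modified Files" listing.

Added example (not part of FRST or of the original post).  Each listing line
carries: modified timestamp - creation timestamp - size, attribute flags,
an optional (Company) signer and the path.  The helper extracts files under
the Windows system directories whose modified time is recent while their
creation time is old, then counts them per calendar day.  A large cluster on
one day is either a patch run or something rewriting system binaries in bulk;
the responder compares that day against the machine's update history before
drawing any conclusion.
"""
import ntpath
import re
from collections import Counter
from datetime import datetime

# Line layout seen in the log: "<modified> - <created> - <size> <attrs> (<company>) <path>"
LINE_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # company name is absent for some files
    r"(?P<path>\S.*)$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")  # assumption: default install drive
BINARY_EXTS = (".exe", ".dll", ".sys", ".scr")                           # assumption: what counts as a binary

# Constructed sample: a few lines copied verbatim from the log posted above.
SAMPLE_LINES = [
    r"2013-07-13 19:07 - 2009-07-13 18:20 - 00983040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdt.exe",
    r"2013-07-13 19:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz",
    r"2013-07-13 18:54 - 2012-03-26 16:20 - 00218624 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe",
    r"2013-07-13 14:04 - 2012-06-11 10:20 - 00003274 _____ C:\ProgramData\dkab.log",
    r"2013-07-12 20:21 - 2013-01-08 18:00 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA",
    r"2013-07-04 02:11 - 2013-07-24 21:45 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll",
    r"2013-06-24 00:57 - 2012-12-20 04:02 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe",
    r"2013-07-13 14:33 - 2010-11-20 22:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe",
    r"2013-07-11 15:18 - 2009-07-13 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe",
]


def parse_line(line):
    """Parse one listing line into a dict; returns None for any other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "modified": datetime.strptime(m.group("mod"), "%Y-%m-%d %H:%M"),
        "created": datetime.strptime(m.group("cre"), "%Y-%m-%d %H:%M"),
        "size": int(m.group("size")),
        "is_dir": "D" in m.group("attrs"),
        "company": m.group("company"),
        "path": m.group("path"),
    }


def is_system_binary(entry):
    """True for .exe/.dll/.sys/.scr files anywhere under System32 or SysWOW64."""
    if entry["is_dir"]:
        return False
    path = entry["path"].lower()
    if not path.startswith(SYSTEM_DIRS):
        return False
    return ntpath.splitext(path)[1] in BINARY_EXTS


def find_retouched_system_binaries(lines, min_age_days=365):
    """System binaries whose modified time is at least min_age_days after creation.

    A file created *after* it was last modified (typical of a copy placed on
    disk by an installer) has a negative age and is never flagged here.
    """
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not is_system_binary(entry):
            continue
        age_days = (entry["modified"] - entry["created"]).days
        if age_days >= min_age_days:
            hits.append({"path": entry["path"], "age_days": age_days,
                         "day": entry["modified"].date().isoformat()})
    return hits


def count_by_day(hits):
    """Number of flagged binaries touched on each calendar day."""
    return dict(Counter(h["day"] for h in hits))


if __name__ == "__main__":
    flagged = find_retouched_system_binaries(SAMPLE_LINES)
    for h in flagged:
        print(f"{h['day']}  age={h['age_days']:>5}d  {h['path']}")
    print(count_by_day(flagged))
```

Run against the full log rather than the sample, the per-day counts are what matter: a single day with a large count of old system binaries all modified together is the thing to reconcile with the Windows Update history for that date, and the binaries on that list are the ones whose hashes and signatures deserve a closer look.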



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:55 AM

Posted 26 July 2013 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:55 AM

Posted 02 August 2013 - 08:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



