mrcolin1
-
Posts
17 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by mrcolin1
-
Hi Gringo, I removed what you asked me to on HijackThis. Also, I just ran the online ESET scanner and it found nothing. When I ran it a week or two back (when you originally asked), it found some threats and I removed them. The computer seems to be ok -- though it has been running quite slow the last week. Any suggestions? Not a problem if you're busy, I've kept you long enough on here!
-
Hi Gringo, Again, sorry to be bad about this, but I DO want to finish up the process. Computer is running better, but I need to be dilligent and finish the process off. I promise I'll run the last scans and post logs in the morning. Thanks, Colin
-
Hi Gringo, Sorry I've been busy as of late. I'll get to this tomorrow if that is ok.
-
Gringo -- The icons now appear. After shutting down though, they again were not present on restart. I clicked on the "show icons" again when they came up. Also, occasionaly my computer will suddenly start after it's been sleeping and the lid is closed with no power supply. Do you think this is related to a virus?
-
Here is the report after running OTL --- Icons still don't appear. Seems like the problem is still hidden somewhere. ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found. Registry value HKEY_USERS\S-1-5-21-2086934428-1904327760-3196116789-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully. File move failed. C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. File Protocol\Handler\skype4com - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_USERS\S-1-5-21-2086934428-1904327760-3196116789-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found. C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\META-INF folder moved successfully. C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\gen folder moved successfully. C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\defaults\preferences folder moved successfully. C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\defaults folder moved successfully. C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\components folder moved successfully. C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\chrome folder moved successfully. C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Colin\Downloads\cmd.bat deleted successfully. C:\Users\Colin\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Colin ->Java cache emptied: 0 bytes User: Default User: Default User User: Public User: UpdatusUser Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Colin ->Flash cache emptied: 774 bytes User: Default User: Default User User: Public User: UpdatusUser Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11152012_115321 Files\Folders moved on Reboot... File\Folder C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk not found! PendingFileRenameOperations files... Registry entries deleted on Reboot...
-
Sorry this is keeping you Gringo -- You've been great in support. When I restarted after the unhide application, windows updated 2 files. During restart, it said something about updating registry files on the Black Windows screen, not sure if that helps. Here is the latest log from OTL. oOTL logfile created on: 11/14/2012 11:32:20 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Colin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.92 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 72.89% Memory free 15.83 Gb Paging File | 13.48 Gb Available in Paging File | 85.18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452.47 Gb Total Space | 32.24 Gb Free Space | 7.13% Space Free | Partition Type: NTFS Drive G: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.99% Space Free | Partition Type: FAT32 Computer Name: COLIN-PC | User Name: Colin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Colin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0beca50c12eaf6f0bff6236eb72cc36e\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6735246d68993bee06abd24deeb32983\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation) SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation) SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms} IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Colin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Colin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 15:20:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/23 20:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Extensions [2012/10/23 12:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions [2012/04/23 11:26:52 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com [2012/10/27 15:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/27 15:20:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/30 19:02:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/13 16:14:50 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\23.0.1271.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\23.0.1271.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\23.0.1271.60\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Evernote Web Clipper = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.7_0\ CHR - Extension: Gmail = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/11/14 13:27:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [D3DOverrider] C:\D3DOverrider\D3DOverriderWrapper.exe () O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites) O15 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149F73DE-6C21-4612-BDC1-27DE7C9DFD27}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A430ED-4DA1-4791-A4A6-B95DC9757DBA}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/14 22:11:01 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Malwarebytes [2012/11/14 22:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/14 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/14 22:10:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/11/14 22:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/14 22:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/11/14 22:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/14 22:04:58 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/11/14 22:04:52 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/14 22:04:52 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/14 22:04:52 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/14 22:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/11/14 22:01:31 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012/11/14 22:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2012/11/14 21:55:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/14 20:31:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/14 13:27:39 | 000,000,000 | ---D | C] -- C:\FRST [2012/11/14 13:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/14 13:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/14 13:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/14 13:20:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/14 13:20:05 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\Colin\Desktop\ComboFix.exe [2012/11/14 13:14:30 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\RK_Quarantine [2012/11/14 13:05:41 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/14 13:05:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/14 13:01:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/14 13:01:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/14 13:01:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/14 13:01:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/14 13:01:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/14 13:01:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/14 13:01:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/14 13:01:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/14 13:01:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/14 13:01:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/14 13:01:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/14 13:01:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/14 13:01:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/14 13:01:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/14 13:01:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/14 12:59:33 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/14 12:59:32 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/14 12:59:32 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/14 12:59:32 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/13 22:01:18 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/13 22:01:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/13 22:01:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/13 22:01:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/13 22:01:14 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/13 22:01:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/13 22:01:13 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/13 22:01:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/13 22:01:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/13 22:01:02 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/13 22:01:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/12 08:07:51 | 000,000,000 | ---D | C] -- C:\Users\Colin\Savages UNRATED (2012) [2012/11/11 07:09:07 | 000,000,000 | ---D | C] -- C:\Users\Colin\Workingmans.Death.2005.PAL.DVDR [2012/11/05 16:30:55 | 000,000,000 | ---D | C] -- C:\Users\Colin\Putty Hill 2010.DVDRip.XviD-playXD [2012/11/05 12:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012/11/05 12:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012/10/29 17:57:52 | 000,000,000 | ---D | C] -- C:\Users\Colin\The Interrupters 2011 720p BRRip x264 AC3-26K [2012/10/27 15:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012/11/14 23:30:46 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/14 23:30:46 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/14 23:29:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/14 23:28:37 | 000,416,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/14 23:28:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/14 23:27:54 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys [2012/11/14 23:23:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/14 23:20:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/14 22:45:36 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001UA.job [2012/11/14 22:45:34 | 000,002,372 | ---- | M] () -- C:\Users\Colin\Desktop\Google Chrome.lnk [2012/11/14 22:44:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001Core.job [2012/11/14 22:19:15 | 000,001,485 | ---- | M] () -- C:\Users\Colin\Desktop\HijackThis - Shortcut.lnk [2012/11/14 22:10:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/14 22:06:17 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/11/14 22:04:47 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/14 22:04:44 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/11/14 22:04:44 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/11/14 22:04:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/14 22:04:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/14 22:01:31 | 000,001,270 | ---- | M] () -- C:\Users\Colin\Desktop\Revo Uninstaller.lnk [2012/11/14 20:23:25 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/14 20:23:25 | 000,663,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/14 20:23:25 | 000,122,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/14 14:41:15 | 000,001,485 | ---- | M] () -- C:\Users\Colin\Desktop\adwcleaner - Shortcut.lnk [2012/11/14 14:35:20 | 000,000,512 | ---- | M] () -- C:\Users\Colin\Documents\MBR.dat [2012/11/14 13:27:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/14 13:20:15 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\Colin\Desktop\ComboFix.exe [2012/11/14 13:01:07 | 000,001,494 | ---- | M] () -- C:\Users\Colin\Desktop\RogueKiller - Shortcut.lnk [2012/11/12 14:30:28 | 000,077,560 | ---- | M] () -- C:\Users\Colin\Documents\Admin Assistant Cover Letter - Investment Firm.pdf [2012/11/12 14:24:08 | 000,078,166 | ---- | M] () -- C:\Users\Colin\Documents\News Agent Asisstant Cover Letter.pdf [2012/11/09 12:47:56 | 000,001,642 | ---- | M] () -- C:\Users\Colin\Desktop\FM 13.lnk [2012/11/05 13:06:31 | 000,076,449 | ---- | M] () -- C:\Users\Colin\Documents\Internet Marketing Cover - Colin Lindsey.pdf [2012/11/05 12:51:25 | 000,076,658 | ---- | M] () -- C:\Users\Colin\Documents\Legal Assistant Cover Letter.pdf [2012/11/05 12:43:48 | 000,074,549 | ---- | M] () -- C:\Users\Colin\Documents\Human Resources Clerk Cover Letter.pdf [2012/11/02 13:28:26 | 000,076,427 | ---- | M] () -- C:\Users\Colin\Documents\Administrative Assistant Cover Letter.pdf [2012/11/02 13:24:09 | 000,078,890 | ---- | M] () -- C:\Users\Colin\Documents\OnForce Solar Cover Letter - Colin Lindsey.pdf [2012/11/02 13:14:28 | 000,076,001 | ---- | M] () -- C:\Users\Colin\Documents\Extreme Reach Cover Letter - Colin Lindsey.pdf [2012/10/29 11:14:28 | 000,076,896 | ---- | M] () -- C:\Users\Colin\Documents\Front Office Assistant Cover Letter.pdf [2012/10/29 11:08:33 | 000,079,401 | ---- | M] () -- C:\Users\Colin\Documents\Mt Sequoyah Cover Letter - Colin Lindsey.pdf [2012/10/25 14:11:21 | 000,078,633 | ---- | M] () -- C:\Users\Colin\Documents\Madoff Productions Cover Letter - Colin Lindsey.pdf [2012/10/25 13:56:04 | 000,077,767 | ---- | M] () -- C:\Users\Colin\Documents\NonProfit Events Cover Letter - Colin Lindsey.pdf [2012/10/25 13:30:25 | 000,079,276 | ---- | M] () -- C:\Users\Colin\Documents\Law Offices of Marian Polovy Cover Letter - Colin Lindsey.pdf [2012/10/23 15:43:06 | 000,076,738 | ---- | M] () -- C:\Users\Colin\Documents\Government Affairs Assistant Cover Letter.pdf [2012/10/23 12:08:43 | 000,079,486 | ---- | M] () -- C:\Users\Colin\Documents\Voxy Cover Letter.pdf [2012/10/22 17:49:24 | 000,076,928 | ---- | M] () -- C:\Users\Colin\Documents\IT Consulting Firm Cover Letter.pdf [2012/10/17 14:10:41 | 000,077,441 | ---- | M] () -- C:\Users\Colin\Documents\Admin Assistant Cover Letter.pdf [2012/10/17 14:06:24 | 000,074,091 | ---- | M] () -- C:\Users\Colin\Documents\Hostel Cover Letter.pdf [2012/10/17 13:51:54 | 000,076,759 | ---- | M] () -- C:\Users\Colin\Documents\Background Investigator Cover Letter.pdf [2012/10/17 13:28:25 | 000,079,166 | ---- | M] () -- C:\Users\Colin\Documents\LEAP NYC Cover Letter.pdf [2012/10/16 11:22:49 | 000,079,153 | ---- | M] () -- C:\Users\Colin\Documents\Public Knowlege Cover Letter.pdf [2012/10/16 11:11:01 | 000,079,513 | ---- | M] () -- C:\Users\Colin\Documents\Washington Area Community Investment Fund Cover.pdf [2012/10/16 10:43:37 | 000,078,726 | ---- | M] () -- C:\Users\Colin\Documents\The Brookings Institution Cover Letter.pdf ========== Files Created - No Company Name ========== [2012/11/14 22:18:30 | 000,001,485 | ---- | C] () -- C:\Users\Colin\Desktop\HijackThis - Shortcut.lnk [2012/11/14 22:10:56 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/14 22:06:17 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/11/14 22:01:31 | 000,001,270 | ---- | C] () -- C:\Users\Colin\Desktop\Revo Uninstaller.lnk [2012/11/14 14:15:42 | 000,000,512 | ---- | C] () -- C:\Users\Colin\Documents\MBR.dat [2012/11/14 13:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/14 13:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/14 13:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/14 13:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/14 13:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/14 13:05:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/14 13:01:07 | 000,001,494 | ---- | C] () -- C:\Users\Colin\Desktop\RogueKiller - Shortcut.lnk [2012/11/14 12:59:55 | 000,001,485 | ---- | C] () -- C:\Users\Colin\Desktop\adwcleaner - Shortcut.lnk [2012/11/14 12:59:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/12 14:30:28 | 000,077,560 | ---- | C] () -- C:\Users\Colin\Documents\Admin Assistant Cover Letter - Investment Firm.pdf [2012/11/12 14:24:08 | 000,078,166 | ---- | C] () -- C:\Users\Colin\Documents\News Agent Asisstant Cover Letter.pdf [2012/11/09 12:47:56 | 000,001,642 | ---- | C] () -- C:\Users\Colin\Desktop\FM 13.lnk [2012/11/05 13:06:30 | 000,076,449 | ---- | C] () -- C:\Users\Colin\Documents\Internet Marketing Cover - Colin Lindsey.pdf [2012/11/05 12:43:48 | 000,074,549 | ---- | C] () -- C:\Users\Colin\Documents\Human Resources Clerk Cover Letter.pdf [2012/11/05 12:33:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012/11/02 13:23:35 | 000,078,890 | ---- | C] () -- C:\Users\Colin\Documents\OnForce Solar Cover Letter - Colin Lindsey.pdf [2012/11/02 13:14:05 | 000,076,001 | ---- | C] () -- C:\Users\Colin\Documents\Extreme Reach Cover Letter - Colin Lindsey.pdf [2012/10/29 11:14:28 | 000,076,896 | ---- | C] () -- C:\Users\Colin\Documents\Front Office Assistant Cover Letter.pdf [2012/10/29 11:08:32 | 000,079,401 | ---- | C] () -- C:\Users\Colin\Documents\Mt Sequoyah Cover Letter - Colin Lindsey.pdf [2012/10/25 14:11:20 | 000,078,633 | ---- | C] () -- C:\Users\Colin\Documents\Madoff Productions Cover Letter - Colin Lindsey.pdf [2012/10/25 13:56:03 | 000,077,767 | ---- | C] () -- C:\Users\Colin\Documents\NonProfit Events Cover Letter - Colin Lindsey.pdf [2012/10/25 13:30:25 | 000,079,276 | ---- | C] () -- C:\Users\Colin\Documents\Law Offices of Marian Polovy Cover Letter - Colin Lindsey.pdf [2012/10/23 15:43:05 | 000,076,738 | ---- | C] () -- C:\Users\Colin\Documents\Government Affairs Assistant Cover Letter.pdf [2012/10/23 12:08:23 | 000,079,486 | ---- | C] () -- C:\Users\Colin\Documents\Voxy Cover Letter.pdf [2012/10/22 17:49:23 | 000,076,928 | ---- | C] () -- C:\Users\Colin\Documents\IT Consulting Firm Cover Letter.pdf [2012/10/22 17:32:40 | 000,076,427 | ---- | C] () -- C:\Users\Colin\Documents\Administrative Assistant Cover Letter.pdf [2012/10/17 14:10:41 | 000,077,441 | ---- | C] () -- C:\Users\Colin\Documents\Admin Assistant Cover Letter.pdf [2012/10/17 14:06:24 | 000,074,091 | ---- | C] () -- C:\Users\Colin\Documents\Hostel Cover Letter.pdf [2012/10/17 13:51:54 | 000,076,759 | ---- | C] () -- C:\Users\Colin\Documents\Background Investigator Cover Letter.pdf [2012/10/17 13:28:24 | 000,079,166 | ---- | C] () -- C:\Users\Colin\Documents\LEAP NYC Cover Letter.pdf [2012/10/16 11:22:49 | 000,079,153 | ---- | C] () -- C:\Users\Colin\Documents\Public Knowlege Cover Letter.pdf [2012/10/16 11:08:27 | 000,079,513 | ---- | C] () -- C:\Users\Colin\Documents\Washington Area Community Investment Fund Cover.pdf [2012/10/16 10:43:36 | 000,078,726 | ---- | C] () -- C:\Users\Colin\Documents\The Brookings Institution Cover Letter.pdf [2012/08/30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/03/07 15:33:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012/02/23 22:03:34 | 000,000,121 | ---- | C] () -- C:\Users\Colin\webct_upload_applet.properties [2012/02/23 22:03:34 | 000,000,099 | ---- | C] () -- C:\Users\Colin\jagex_runescape_preferences2.dat [2012/02/23 22:03:34 | 000,000,046 | ---- | C] () -- C:\Users\Colin\jagex_runescape_preferences.dat [2012/02/23 22:03:34 | 000,000,000 | ---- | C] () -- C:\Users\Colin\jagex__preferences3.dat [2012/02/22 10:10:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/02/22 10:10:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/02/22 10:10:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012/02/22 10:10:37 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/02/22 10:10:36 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/02/10 10:10:51 | 000,799,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2012/02/23 22:03:45 | 000,111,616 | ---- | C] ()(C:\Users\Colin\Documents\??? ?? ??? ?? (Colin Reply).doc) -- C:\Users\Colin\Documents\어학원 강사 계약서 도봉 (Colin Reply).doc [2011/10/12 00:58:24 | 000,111,616 | ---- | M] ()(C:\Users\Colin\Documents\??? ?? ??? ?? (Colin Reply).doc) -- C:\Users\Colin\Documents\어학원 강사 계약서 도봉 (Colin Reply).doc < End of report >
-
The unhide was unable to recover the icons and gave me this log: Unhide by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Unhide.exe can be found at this link: http://www.bleepingcomputer.com/forums/topic405109.html Program started at: 11/14/2012 11:21:02 PM Windows Version: Windows 7 Please be patient while your files are made visible again. Processing the C:\ drive Finished processing the C:\ drive. 260798 files processed. Processing the G:\ drive Finished processing the G:\ drive. 3 files processed. The C:\Users\Colin\AppData\Local\Temp\smtmp\ folder does not exist!! Unhide cannot restore your missing shortcuts!! Please see this topic in order to learn how to restore default Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced * HideIcons was set to 1! It was set back to 0! Restarting Explorer.exe in order to apply changes. Program finished at: 11/14/2012 11:23:52 PM Execution time: 0 hours(s), 2 minute(s), and 50 seconds(s)
-
Thanks Gringo -- here are the logs. The computer is running a little better, still slow at some points. Also, Nothing is appearing on my desktop still. Even when I click send to desktop. Malwarebytes Anti-Malware (Trial) 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.15.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Colin :: COLIN-PC [administrator] Protection: Enabled 11/14/2012 10:11:35 PM mbam-log-2012-11-14 (22-11-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223766 Time elapsed: 3 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\Colin\Downloads\DownloadManager_Setup(1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Colin\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Colin\Downloads\mplayer_1193.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully. (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:19:46 PM, on 11/14/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Users\Colin\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [D3DOverrider] "C:\D3DOverrider\D3DOverriderWrapper.exe" /s O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-21-2086934428-1904327760-3196116789-1001\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED (User '?') O4 - S-1-5-21-2086934428-1904327760-3196116789-1001 Startup: Intel® Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (User '?') O4 - Startup: Intel® Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9880 bytes
-
I ran combofix again: ComboFix 12-11-14.01 - Colin 11/14/2012 20:25:58.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6017 [GMT -6:00] Running from: c:\users\Colin\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))) . . 2012-11-15 02:29 . 2012-11-15 02:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-15 02:29 . 2012-11-15 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-14 21:18 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A710F53E-E49A-4D09-B6D2-0E0E901B39B3}\mpengine.dll 2012-11-14 19:31 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-14 19:27 . 2012-11-14 19:27 -------- d-----w- C:\FRST 2012-11-14 19:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-14 19:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-14 19:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-14 19:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-14 18:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-14 18:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-14 18:59 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-14 18:59 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-14 18:59 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-14 18:59 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-14 18:59 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-12 14:07 . 2012-11-12 14:07 -------- d-----w- c:\users\Colin\Savages UNRATED (2012) 2012-11-11 13:09 . 2012-11-11 15:33 -------- d-----w- c:\users\Colin\Workingmans.Death.2005.PAL.DVDR 2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\Colin\Putty Hill 2010.DVDRip.XviD-playXD 2012-11-05 18:33 . 2012-11-05 18:33 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-10-29 23:57 . 2012-10-29 23:57 -------- d-----w- c:\users\Colin\The Interrupters 2011 720p BRRip x264 AC3-26K 2012-10-20 19:48 . 2012-09-25 22:26 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03A34273-37BF-4FB0-BCC5-340C9983291A}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-14 19:00 . 2012-02-26 00:13 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-08 18:06 . 2012-10-08 15:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 18:06 . 2012-02-23 22:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 17:02 . 2012-09-30 17:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-30 17:02 . 2012-09-30 17:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-30 17:02 . 2012-02-23 23:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-25 22:26 . 2012-06-12 16:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-14 19:19 . 2012-10-10 14:48 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 14:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 14:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 19:14 . 2012-10-01 15:33 9066344 ----a-w- c:\windows\system32\nvcuda.dll 2012-08-30 19:14 . 2012-10-01 15:33 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-08-30 19:14 . 2012-10-01 15:33 7397736 ----a-w- c:\windows\system32\nvopencl.dll 2012-08-30 19:14 . 2012-10-01 15:33 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-08-30 19:14 . 2012-10-01 15:33 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys 2012-08-30 19:14 . 2012-10-01 15:33 284008 ----a-w- c:\windows\system32\drivers\nvkflt.sys 2012-08-30 19:14 . 2012-10-01 15:33 2745192 ----a-w- c:\windows\system32\nvcuvid.dll 2012-08-30 19:14 . 2012-10-01 15:33 26228072 ----a-w- c:\windows\system32\nvoglv64.dll 2012-08-30 19:14 . 2012-10-01 15:33 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-08-30 19:14 . 2012-10-01 15:33 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-08-30 19:14 . 2012-10-01 15:33 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-08-30 19:14 . 2012-10-01 15:33 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-08-30 19:14 . 2012-10-01 15:33 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-08-30 19:14 . 2012-10-01 15:33 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-08-30 19:14 . 2012-10-01 15:33 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-08-30 19:14 . 2012-10-01 15:33 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-08-30 19:14 . 2012-10-01 15:33 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-08-30 19:14 . 2012-10-01 15:33 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-08-30 19:14 . 2012-10-01 15:33 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-08-30 19:14 . 2012-10-01 15:33 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-08-30 19:14 . 2012-02-22 16:10 971624 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-08-30 19:14 . 2012-02-22 16:10 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-08-30 19:14 . 2012-02-22 16:10 247144 ----a-w- c:\windows\system32\nvinitx.dll 2012-08-30 19:14 . 2012-02-22 16:10 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-08-30 19:14 . 2012-02-22 16:10 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-08-30 19:14 . 2012-02-22 16:10 2725224 ----a-w- c:\windows\system32\nvapi64.dll 2012-08-30 19:14 . 2012-02-22 16:10 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-08-30 18:03 . 2012-10-10 14:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 14:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 14:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 16:18 . 2011-10-17 09:19 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-08-30 16:18 . 2011-10-17 06:19 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-08-30 16:18 . 2011-10-17 06:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-08-30 16:18 . 2011-10-17 06:19 865640 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-08-30 16:18 . 2011-10-17 06:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-08-30 16:18 . 2011-10-17 09:19 3487434 ----a-w- c:\windows\system32\nvcoproc.bin 2012-08-30 16:18 . 2011-10-17 06:19 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-08-30 16:18 . 2011-10-17 06:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll 2012-08-30 16:17 . 2011-10-17 06:19 6198120 ----a-w- c:\windows\system32\nvcpl.dll 2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-08-24 18:05 . 2012-10-10 14:48 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 14:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 18:57 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 18:57 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 18:57 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 22:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 14:48 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 14:48 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 14:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 14:48 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 14:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 14:48 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 14:48 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 14:48 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 14:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 14:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 14:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 14:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 14:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-18 963984] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048] "D3DOverrider"="c:\d3doverrider\D3DOverriderWrapper.exe" [2009-08-23 40960] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] . c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736] R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-24 283200] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392] . . Contents of the 'Scheduled Tasks' folder . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 18:06] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001Core.job - c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001UA.job - c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.dell.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: rhapsody.com\rhap-app-4-0 Trusted Zone: rhapsody.com\rhapreg TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-14 20:31:09 ComboFix-quarantined-files.txt 2012-11-15 02:31 ComboFix2.txt 2012-11-14 20:58 ComboFix3.txt 2012-11-14 19:29 ComboFix4.txt 2011-10-03 20:22 . Pre-Run: 30,018,621,440 bytes free Post-Run: 29,947,789,312 bytes free . - - End Of File - - 983223ABADDBCBF009C3DC84DE16486C
-
Did you want me to run Combofix again in addition to that?
-
This is the report I got after following directions: µTorrent Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI Cerenade Filler DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition FIFA 12 © EA version 1 FIFA 13 Football Manager 2012 Google Chrome Google Earth Google Talk Plugin Google Update Helper Intel PROSet Wireless Intel® Processor Graphics Intel® Rapid Storage Technology Intel® Wireless Display Java 7 Update 7 Java Auto Updater JMicron Flash Media Controller Driver Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Origin Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Rhapsody Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype™ 5.10 SopCast 3.4.8 StreamTorrent 1.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) VLC media player 2.0.2 Yahoo! Messenger
-
Here is the latest combofix Log after running w/ CFScript. ComboFix 12-11-14.01 - Colin 11/14/2012 14:53:08.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6331 [GMT -6:00] Running from: c:\users\Colin\Desktop\ComboFix.exe Command switches used :: c:\users\Colin\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))) . . 2012-11-14 20:56 . 2012-11-14 20:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-14 20:56 . 2012-11-14 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-14 19:41 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C69010D-53D4-4E30-B67C-5ACD60DFF118}\mpengine.dll 2012-11-14 19:31 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-14 19:27 . 2012-11-14 19:27 -------- d-----w- C:\FRST 2012-11-14 19:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-14 19:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-14 19:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-14 19:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-14 18:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-14 18:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-14 18:59 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-14 18:59 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-14 18:59 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-14 18:59 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-14 18:59 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-12 14:07 . 2012-11-12 14:07 -------- d-----w- c:\users\Colin\Savages UNRATED (2012) 2012-11-11 13:09 . 2012-11-11 15:33 -------- d-----w- c:\users\Colin\Workingmans.Death.2005.PAL.DVDR 2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\Colin\Putty Hill 2010.DVDRip.XviD-playXD 2012-11-05 18:33 . 2012-11-05 18:33 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-10-29 23:57 . 2012-10-29 23:57 -------- d-----w- c:\users\Colin\The Interrupters 2011 720p BRRip x264 AC3-26K 2012-10-20 19:48 . 2012-09-25 22:26 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03A34273-37BF-4FB0-BCC5-340C9983291A}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-14 19:00 . 2012-02-26 00:13 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-08 18:06 . 2012-10-08 15:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 18:06 . 2012-02-23 22:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 17:02 . 2012-09-30 17:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-30 17:02 . 2012-09-30 17:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-30 17:02 . 2012-02-23 23:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-25 22:26 . 2012-06-12 16:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-14 19:19 . 2012-10-10 14:48 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 14:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 14:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 19:14 . 2012-10-01 15:33 9066344 ----a-w- c:\windows\system32\nvcuda.dll 2012-08-30 19:14 . 2012-10-01 15:33 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-08-30 19:14 . 2012-10-01 15:33 7397736 ----a-w- c:\windows\system32\nvopencl.dll 2012-08-30 19:14 . 2012-10-01 15:33 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-08-30 19:14 . 2012-10-01 15:33 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys 2012-08-30 19:14 . 2012-10-01 15:33 284008 ----a-w- c:\windows\system32\drivers\nvkflt.sys 2012-08-30 19:14 . 2012-10-01 15:33 2745192 ----a-w- c:\windows\system32\nvcuvid.dll 2012-08-30 19:14 . 2012-10-01 15:33 26228072 ----a-w- c:\windows\system32\nvoglv64.dll 2012-08-30 19:14 . 2012-10-01 15:33 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-08-30 19:14 . 2012-10-01 15:33 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-08-30 19:14 . 2012-10-01 15:33 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-08-30 19:14 . 2012-10-01 15:33 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-08-30 19:14 . 2012-10-01 15:33 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-08-30 19:14 . 2012-10-01 15:33 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-08-30 19:14 . 2012-10-01 15:33 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-08-30 19:14 . 2012-10-01 15:33 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-08-30 19:14 . 2012-10-01 15:33 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-08-30 19:14 . 2012-10-01 15:33 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-08-30 19:14 . 2012-10-01 15:33 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-08-30 19:14 . 2012-10-01 15:33 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-08-30 19:14 . 2012-02-22 16:10 971624 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-08-30 19:14 . 2012-02-22 16:10 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-08-30 19:14 . 2012-02-22 16:10 247144 ----a-w- c:\windows\system32\nvinitx.dll 2012-08-30 19:14 . 2012-02-22 16:10 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-08-30 19:14 . 2012-02-22 16:10 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-08-30 19:14 . 2012-02-22 16:10 2725224 ----a-w- c:\windows\system32\nvapi64.dll 2012-08-30 19:14 . 2012-02-22 16:10 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-08-30 18:03 . 2012-10-10 14:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 14:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 14:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 16:18 . 2011-10-17 09:19 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-08-30 16:18 . 2011-10-17 06:19 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-08-30 16:18 . 2011-10-17 06:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-08-30 16:18 . 2011-10-17 06:19 865640 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-08-30 16:18 . 2011-10-17 06:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-08-30 16:18 . 2011-10-17 09:19 3487434 ----a-w- c:\windows\system32\nvcoproc.bin 2012-08-30 16:18 . 2011-10-17 06:19 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-08-30 16:18 . 2011-10-17 06:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll 2012-08-30 16:17 . 2011-10-17 06:19 6198120 ----a-w- c:\windows\system32\nvcpl.dll 2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-08-24 18:05 . 2012-10-10 14:48 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 14:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 18:57 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 18:57 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 18:57 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 22:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 14:48 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 14:48 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 14:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 14:48 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 14:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 14:48 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 14:48 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 14:48 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 14:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 14:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 14:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 14:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 14:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-18 963984] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048] "D3DOverrider"="c:\d3doverrider\D3DOverriderWrapper.exe" [2009-08-23 40960] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] . c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736] R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-24 283200] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392] . . Contents of the 'Scheduled Tasks' folder . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 18:06] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001Core.job - c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001UA.job - c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.dell.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: rhapsody.com\rhap-app-4-0 Trusted Zone: rhapsody.com\rhapreg TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-14 14:58:11 ComboFix-quarantined-files.txt 2012-11-14 20:58 ComboFix2.txt 2012-11-14 19:29 ComboFix3.txt 2011-10-03 20:22 . Pre-Run: 30,631,583,744 bytes free Post-Run: 30,472,450,048 bytes free . - - End Of File - - B71A8C4259C9B9F90800E7BC043F6EAA
-
TDS KILLER 13:32:31.0359 2604 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 13:32:31.0780 2604 ============================================================ 13:32:31.0780 2604 Current date / time: 2012/11/14 13:32:31.0780 13:32:31.0780 2604 SystemInfo: 13:32:31.0780 2604 13:32:31.0780 2604 OS Version: 6.1.7601 ServicePack: 1.0 13:32:31.0780 2604 Product type: Workstation 13:32:31.0780 2604 ComputerName: COLIN-PC 13:32:31.0780 2604 UserName: Colin 13:32:31.0796 2604 Windows directory: C:\Windows 13:32:31.0796 2604 System windows directory: C:\Windows 13:32:31.0796 2604 Running under WOW64 13:32:31.0796 2604 Processor architecture: Intel x64 13:32:31.0796 2604 Number of processors: 8 13:32:31.0796 2604 Page size: 0x1000 13:32:31.0796 2604 Boot type: Normal boot 13:32:31.0796 2604 ============================================================ 13:32:32.0443 2604 Drive \Device\Harddisk1\DR1 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048 13:32:32.0460 2604 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:32:32.0469 2604 Drive \Device\Harddisk1\DR1 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 13:32:32.0472 2604 ============================================================ 13:32:32.0472 2604 \Device\Harddisk1\DR1: 13:32:32.0473 2604 MBR partitions: 13:32:32.0473 2604 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x779000 13:32:32.0473 2604 \Device\Harddisk0\DR0: 13:32:32.0473 2604 MBR partitions: 13:32:32.0473 2604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A80000 13:32:32.0473 2604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A94000, BlocksNum 0x388F0000 13:32:32.0473 2604 \Device\Harddisk1\DR1: 13:32:32.0473 2604 MBR partitions: 13:32:32.0473 2604 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x779000 13:32:32.0473 2604 ============================================================ 13:32:32.0517 2604 C: <-> \Device\Harddisk0\DR0\Partition2 13:32:32.0517 2604 ============================================================ 13:32:32.0517 2604 Initialize success 13:32:32.0518 2604 ============================================================ 13:32:38.0375 3252 ============================================================ 13:32:38.0375 3252 Scan started 13:32:38.0375 3252 Mode: Manual; 13:32:38.0375 3252 ============================================================ 13:32:38.0854 3252 ================ Scan system memory ======================== 13:32:38.0854 3252 System memory - ok 13:32:38.0854 3252 ================ Scan services ============================= 13:32:38.0994 3252 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 13:32:39.0010 3252 !SASCORE - ok 13:32:39.0259 3252 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:32:39.0259 3252 1394ohci - ok 13:32:39.0306 3252 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:32:39.0306 3252 ACPI - ok 13:32:39.0337 3252 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:32:39.0337 3252 AcpiPmi - ok 13:32:39.0452 3252 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:32:39.0490 3252 AdobeARMservice - ok 13:32:39.0707 3252 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:32:39.0714 3252 AdobeFlashPlayerUpdateSvc - ok 13:32:39.0763 3252 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:32:39.0779 3252 adp94xx - ok 13:32:39.0826 3252 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:32:39.0841 3252 adpahci - ok 13:32:39.0872 3252 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:32:39.0872 3252 adpu320 - ok 13:32:39.0919 3252 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:32:39.0919 3252 AeLookupSvc - ok 13:32:39.0982 3252 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 13:32:39.0982 3252 AERTFilters - ok 13:32:40.0060 3252 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:32:40.0075 3252 AFD - ok 13:32:40.0106 3252 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:32:40.0106 3252 agp440 - ok 13:32:40.0138 3252 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:32:40.0153 3252 ALG - ok 13:32:40.0169 3252 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:32:40.0169 3252 aliide - ok 13:32:40.0200 3252 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:32:40.0200 3252 amdide - ok 13:32:40.0231 3252 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:32:40.0231 3252 AmdK8 - ok 13:32:40.0262 3252 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 13:32:40.0262 3252 AmdPPM - ok 13:32:40.0278 3252 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:32:40.0294 3252 amdsata - ok 13:32:40.0325 3252 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 13:32:40.0340 3252 amdsbs - ok 13:32:40.0356 3252 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:32:40.0356 3252 amdxata - ok 13:32:40.0418 3252 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys 13:32:40.0418 3252 AMPPAL - ok 13:32:40.0450 3252 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys 13:32:40.0465 3252 AMPPALP - ok 13:32:40.0528 3252 [ 2CC0CBF2707BE4D5B6CE6B87D9DA2F97 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe 13:32:40.0543 3252 AMPPALR3 - ok 13:32:40.0590 3252 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:32:40.0590 3252 AppID - ok 13:32:40.0637 3252 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:32:40.0637 3252 AppIDSvc - ok 13:32:40.0652 3252 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 13:32:40.0652 3252 Appinfo - ok 13:32:40.0715 3252 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 13:32:40.0715 3252 arc - ok 13:32:40.0746 3252 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 13:32:40.0746 3252 arcsas - ok 13:32:40.0840 3252 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 13:32:40.0871 3252 aspnet_state - ok 13:32:40.0902 3252 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:32:40.0902 3252 AsyncMac - ok 13:32:40.0949 3252 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:32:40.0949 3252 atapi - ok 13:32:40.0996 3252 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:32:41.0011 3252 AudioEndpointBuilder - ok 13:32:41.0027 3252 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:32:41.0027 3252 AudioSrv - ok 13:32:41.0058 3252 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:32:41.0058 3252 AxInstSV - ok 13:32:41.0089 3252 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 13:32:41.0105 3252 b06bdrv - ok 13:32:41.0136 3252 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:32:41.0136 3252 b57nd60a - ok 13:32:41.0167 3252 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:32:41.0167 3252 BDESVC - ok 13:32:41.0183 3252 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 13:32:41.0183 3252 Beep - ok 13:32:41.0230 3252 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 13:32:41.0245 3252 BFE - ok 13:32:41.0292 3252 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 13:32:41.0308 3252 BITS - ok 13:32:41.0339 3252 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:32:41.0339 3252 blbdrive - ok 13:32:41.0386 3252 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:32:41.0401 3252 bowser - ok 13:32:41.0432 3252 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 13:32:41.0432 3252 BrFiltLo - ok 13:32:41.0448 3252 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 13:32:41.0448 3252 BrFiltUp - ok 13:32:41.0504 3252 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 13:32:41.0508 3252 BridgeMP - ok 13:32:41.0567 3252 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 13:32:41.0571 3252 Browser - ok 13:32:41.0596 3252 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:32:41.0604 3252 Brserid - ok 13:32:41.0641 3252 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:32:41.0644 3252 BrSerWdm - ok 13:32:41.0662 3252 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:32:41.0664 3252 BrUsbMdm - ok 13:32:41.0671 3252 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:32:41.0674 3252 BrUsbSer - ok 13:32:41.0699 3252 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 13:32:41.0702 3252 BTHMODEM - ok 13:32:41.0740 3252 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:32:41.0740 3252 bthserv - ok 13:32:41.0755 3252 [ D6CEEC2F878149E4DB9FE93FA5D8FE60 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe 13:32:41.0771 3252 BTHSSecurityMgr - ok 13:32:41.0802 3252 catchme - ok 13:32:41.0833 3252 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:32:41.0833 3252 cdfs - ok 13:32:41.0880 3252 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:32:41.0880 3252 cdrom - ok 13:32:41.0911 3252 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:32:41.0927 3252 CertPropSvc - ok 13:32:41.0943 3252 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 13:32:41.0943 3252 circlass - ok 13:32:41.0974 3252 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:32:41.0989 3252 CLFS - ok 13:32:42.0052 3252 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:32:42.0052 3252 clr_optimization_v2.0.50727_32 - ok 13:32:42.0099 3252 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:32:42.0099 3252 clr_optimization_v2.0.50727_64 - ok 13:32:42.0177 3252 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:32:42.0255 3252 clr_optimization_v4.0.30319_32 - ok 13:32:42.0255 3252 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:32:42.0270 3252 clr_optimization_v4.0.30319_64 - ok 13:32:42.0301 3252 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:32:42.0301 3252 CmBatt - ok 13:32:42.0317 3252 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:32:42.0317 3252 cmdide - ok 13:32:42.0379 3252 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 13:32:42.0379 3252 CNG - ok 13:32:42.0426 3252 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:32:42.0426 3252 Compbatt - ok 13:32:42.0442 3252 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 13:32:42.0442 3252 CompositeBus - ok 13:32:42.0457 3252 COMSysApp - ok 13:32:42.0489 3252 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:32:42.0489 3252 crcdisk - ok 13:32:42.0535 3252 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:32:42.0551 3252 CryptSvc - ok 13:32:42.0582 3252 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:32:42.0598 3252 DcomLaunch - ok 13:32:42.0629 3252 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:32:42.0645 3252 defragsvc - ok 13:32:42.0660 3252 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:32:42.0660 3252 DfsC - ok 13:32:42.0691 3252 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:32:42.0738 3252 Dhcp - ok 13:32:42.0754 3252 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:32:42.0754 3252 discache - ok 13:32:42.0785 3252 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 13:32:42.0785 3252 Disk - ok 13:32:42.0816 3252 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:32:42.0816 3252 Dnscache - ok 13:32:42.0832 3252 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:32:42.0847 3252 dot3svc - ok 13:32:42.0879 3252 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 13:32:42.0879 3252 DPS - ok 13:32:42.0925 3252 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:32:42.0925 3252 drmkaud - ok 13:32:42.0957 3252 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 13:32:42.0972 3252 dtsoftbus01 - ok 13:32:43.0019 3252 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:32:43.0035 3252 DXGKrnl - ok 13:32:43.0050 3252 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 13:32:43.0050 3252 EapHost - ok 13:32:43.0128 3252 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 13:32:43.0159 3252 ebdrv - ok 13:32:43.0191 3252 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:32:43.0191 3252 EFS - ok 13:32:43.0253 3252 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:32:43.0269 3252 ehRecvr - ok 13:32:43.0284 3252 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:32:43.0284 3252 ehSched - ok 13:32:43.0331 3252 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:32:43.0347 3252 elxstor - ok 13:32:43.0362 3252 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:32:43.0362 3252 ErrDev - ok 13:32:43.0409 3252 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:32:43.0409 3252 EventSystem - ok 13:32:43.0508 3252 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 13:32:43.0520 3252 EvtEng - ok 13:32:43.0541 3252 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:32:43.0543 3252 exfat - ok 13:32:43.0578 3252 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:32:43.0583 3252 fastfat - ok 13:32:43.0641 3252 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:32:43.0656 3252 Fax - ok 13:32:43.0685 3252 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 13:32:43.0686 3252 fdc - ok 13:32:43.0704 3252 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:32:43.0706 3252 fdPHost - ok 13:32:43.0723 3252 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:32:43.0724 3252 FDResPub - ok 13:32:43.0735 3252 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:32:43.0736 3252 FileInfo - ok 13:32:43.0747 3252 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:32:43.0750 3252 Filetrace - ok 13:32:43.0764 3252 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 13:32:43.0780 3252 flpydisk - ok 13:32:43.0795 3252 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:32:43.0811 3252 FltMgr - ok 13:32:43.0858 3252 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 13:32:43.0889 3252 FontCache - ok 13:32:43.0920 3252 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:32:43.0920 3252 FontCache3.0.0.0 - ok 13:32:43.0936 3252 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:32:43.0951 3252 FsDepends - ok 13:32:43.0982 3252 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:32:43.0982 3252 Fs_Rec - ok 13:32:44.0014 3252 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:32:44.0014 3252 fvevol - ok 13:32:44.0060 3252 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:32:44.0060 3252 gagp30kx - ok 13:32:44.0107 3252 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:32:44.0123 3252 gpsvc - ok 13:32:44.0248 3252 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:32:44.0248 3252 gupdate - ok 13:32:44.0279 3252 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:32:44.0279 3252 gupdatem - ok 13:32:44.0310 3252 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:32:44.0310 3252 hcw85cir - ok 13:32:44.0357 3252 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:32:44.0357 3252 HdAudAddService - ok 13:32:44.0404 3252 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:32:44.0404 3252 HDAudBus - ok 13:32:44.0435 3252 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 13:32:44.0435 3252 HidBatt - ok 13:32:44.0450 3252 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:32:44.0450 3252 HidBth - ok 13:32:44.0466 3252 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 13:32:44.0482 3252 HidIr - ok 13:32:44.0512 3252 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 13:32:44.0515 3252 hidserv - ok 13:32:44.0542 3252 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:32:44.0544 3252 HidUsb - ok 13:32:44.0573 3252 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:32:44.0578 3252 hkmsvc - ok 13:32:44.0596 3252 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:32:44.0603 3252 HomeGroupListener - ok 13:32:44.0637 3252 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:32:44.0646 3252 HomeGroupProvider - ok 13:32:44.0690 3252 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:32:44.0692 3252 HpSAMD - ok 13:32:44.0724 3252 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:32:44.0741 3252 HTTP - ok 13:32:44.0759 3252 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:32:44.0760 3252 hwpolicy - ok 13:32:44.0797 3252 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:32:44.0813 3252 i8042prt - ok 13:32:44.0844 3252 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\drivers\iaStor.sys 13:32:44.0860 3252 iaStor - ok 13:32:44.0907 3252 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 13:32:44.0907 3252 IAStorDataMgrSvc - ok 13:32:44.0953 3252 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:32:44.0953 3252 iaStorV - ok 13:32:45.0031 3252 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:32:45.0047 3252 idsvc - ok 13:32:45.0250 3252 [ 0BD58366C86EF9DDC4F61AFED0CADA99 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 13:32:45.0437 3252 igfx - ok 13:32:45.0453 3252 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:32:45.0468 3252 iirsp - ok 13:32:45.0514 3252 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:32:45.0522 3252 IKEEXT - ok 13:32:45.0592 3252 [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 13:32:45.0610 3252 IntcAzAudAddService - ok 13:32:45.0653 3252 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 13:32:45.0660 3252 IntcDAud - ok 13:32:45.0686 3252 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 13:32:45.0688 3252 intelide - ok 13:32:45.0714 3252 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:32:45.0716 3252 intelppm - ok 13:32:45.0743 3252 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:32:45.0748 3252 IPBusEnum - ok 13:32:45.0769 3252 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:32:45.0769 3252 IpFilterDriver - ok 13:32:45.0816 3252 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:32:45.0847 3252 iphlpsvc - ok 13:32:45.0863 3252 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:32:45.0863 3252 IPMIDRV - ok 13:32:45.0879 3252 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:32:45.0879 3252 IPNAT - ok 13:32:45.0894 3252 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:32:45.0894 3252 IRENUM - ok 13:32:45.0925 3252 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:32:45.0925 3252 isapnp - ok 13:32:45.0957 3252 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:32:45.0988 3252 iScsiPrt - ok 13:32:46.0019 3252 [ DD931496F49CDDF4F0B440455423E162 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 13:32:46.0019 3252 JMCR - ok 13:32:46.0050 3252 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:32:46.0050 3252 kbdclass - ok 13:32:46.0081 3252 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 13:32:46.0081 3252 kbdhid - ok 13:32:46.0113 3252 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 13:32:46.0113 3252 KeyIso - ok 13:32:46.0159 3252 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:32:46.0159 3252 KSecDD - ok 13:32:46.0206 3252 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:32:46.0206 3252 KSecPkg - ok 13:32:46.0237 3252 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:32:46.0237 3252 ksthunk - ok 13:32:46.0269 3252 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 13:32:46.0284 3252 KtmRm - ok 13:32:46.0315 3252 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 13:32:46.0315 3252 LanmanServer - ok 13:32:46.0362 3252 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:32:46.0362 3252 LanmanWorkstation - ok 13:32:46.0409 3252 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:32:46.0409 3252 lltdio - ok 13:32:46.0440 3252 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:32:46.0456 3252 lltdsvc - ok 13:32:46.0471 3252 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:32:46.0471 3252 lmhosts - ok 13:32:46.0530 3252 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:32:46.0534 3252 LSI_FC - ok 13:32:46.0548 3252 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:32:46.0552 3252 LSI_SAS - ok 13:32:46.0566 3252 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 13:32:46.0569 3252 LSI_SAS2 - ok 13:32:46.0579 3252 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:32:46.0582 3252 LSI_SCSI - ok 13:32:46.0607 3252 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 13:32:46.0608 3252 luafv - ok 13:32:46.0632 3252 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:32:46.0638 3252 Mcx2Svc - ok 13:32:46.0656 3252 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 13:32:46.0659 3252 megasas - ok 13:32:46.0681 3252 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 13:32:46.0686 3252 MegaSR - ok 13:32:46.0720 3252 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 13:32:46.0721 3252 MEIx64 - ok 13:32:46.0790 3252 Microsoft SharePoint Workspace Audit Service - ok 13:32:46.0821 3252 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 13:32:46.0837 3252 MMCSS - ok 13:32:46.0853 3252 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 13:32:46.0868 3252 Modem - ok 13:32:46.0884 3252 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:32:46.0884 3252 monitor - ok 13:32:46.0915 3252 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:32:46.0915 3252 mouclass - ok 13:32:46.0946 3252 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys 13:32:46.0946 3252 mouhid - ok 13:32:46.0993 3252 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:32:46.0993 3252 mountmgr - ok 13:32:47.0055 3252 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:32:47.0055 3252 MozillaMaintenance - ok 13:32:47.0133 3252 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 13:32:47.0133 3252 MpFilter - ok 13:32:47.0149 3252 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 13:32:47.0165 3252 mpio - ok 13:32:47.0180 3252 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:32:47.0180 3252 mpsdrv - ok 13:32:47.0227 3252 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:32:47.0243 3252 MpsSvc - ok 13:32:47.0258 3252 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:32:47.0258 3252 MRxDAV - ok 13:32:47.0274 3252 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:32:47.0289 3252 mrxsmb - ok 13:32:47.0305 3252 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:32:47.0321 3252 mrxsmb10 - ok 13:32:47.0336 3252 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:32:47.0336 3252 mrxsmb20 - ok 13:32:47.0352 3252 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 13:32:47.0352 3252 msahci - ok 13:32:47.0383 3252 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:32:47.0383 3252 msdsm - ok 13:32:47.0399 3252 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 13:32:47.0414 3252 MSDTC - ok 13:32:47.0430 3252 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:32:47.0430 3252 Msfs - ok 13:32:47.0445 3252 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:32:47.0445 3252 mshidkmdf - ok 13:32:47.0445 3252 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:32:47.0445 3252 msisadrv - ok 13:32:47.0492 3252 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:32:47.0492 3252 MSiSCSI - ok 13:32:47.0492 3252 msiserver - ok 13:32:47.0537 3252 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:32:47.0540 3252 MSKSSRV - ok 13:32:47.0607 3252 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 13:32:47.0609 3252 MsMpSvc - ok 13:32:47.0627 3252 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:32:47.0629 3252 MSPCLOCK - ok 13:32:47.0644 3252 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:32:47.0645 3252 MSPQM - ok 13:32:47.0665 3252 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:32:47.0668 3252 MsRPC - ok 13:32:47.0675 3252 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:32:47.0676 3252 mssmbios - ok 13:32:47.0689 3252 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:32:47.0690 3252 MSTEE - ok 13:32:47.0699 3252 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 13:32:47.0700 3252 MTConfig - ok 13:32:47.0715 3252 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:32:47.0716 3252 Mup - ok 13:32:47.0756 3252 [ 265937BC59819DF1DAB65E27C60F94C0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 13:32:47.0764 3252 MyWiFiDHCPDNS - ok 13:32:47.0792 3252 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 13:32:47.0792 3252 napagent - ok 13:32:47.0855 3252 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:32:47.0855 3252 NativeWifiP - ok 13:32:47.0933 3252 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:32:47.0948 3252 NDIS - ok 13:32:47.0964 3252 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:32:47.0964 3252 NdisCap - ok 13:32:47.0995 3252 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:32:47.0995 3252 NdisTapi - ok 13:32:48.0011 3252 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:32:48.0011 3252 Ndisuio - ok 13:32:48.0042 3252 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:32:48.0042 3252 NdisWan - ok 13:32:48.0058 3252 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:32:48.0058 3252 NDProxy - ok 13:32:48.0089 3252 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:32:48.0089 3252 NetBIOS - ok 13:32:48.0104 3252 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:32:48.0104 3252 NetBT - ok 13:32:48.0136 3252 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:32:48.0136 3252 Netlogon - ok 13:32:48.0198 3252 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:32:48.0214 3252 Netman - ok 13:32:48.0229 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:32:48.0276 3252 NetMsmqActivator - ok 13:32:48.0276 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:32:48.0276 3252 NetPipeActivator - ok 13:32:48.0307 3252 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:32:48.0323 3252 netprofm - ok 13:32:48.0323 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:32:48.0323 3252 NetTcpActivator - ok 13:32:48.0323 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:32:48.0323 3252 NetTcpPortSharing - ok 13:32:48.0494 3252 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 13:32:48.0596 3252 NETwNs64 - ok 13:32:48.0632 3252 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:32:48.0634 3252 nfrd960 - ok 13:32:48.0695 3252 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 13:32:48.0698 3252 NisDrv - ok 13:32:48.0717 3252 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 13:32:48.0726 3252 NisSrv - ok 13:32:48.0763 3252 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:32:48.0795 3252 NlaSvc - ok 13:32:48.0810 3252 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:32:48.0810 3252 Npfs - ok 13:32:48.0841 3252 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:32:48.0841 3252 nsi - ok 13:32:48.0841 3252 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:32:48.0841 3252 nsiproxy - ok 13:32:48.0919 3252 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:32:48.0951 3252 Ntfs - ok 13:32:48.0951 3252 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:32:48.0966 3252 Null - ok 13:32:48.0997 3252 [ D584ABB6A308933A5F72B46C9E5A783F ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 13:32:49.0029 3252 nusb3hub - ok 13:32:49.0044 3252 [ 345B9C04E2036DA4346E3249A5BDFD06 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 13:32:49.0044 3252 nusb3xhc - ok 13:32:49.0091 3252 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 13:32:49.0107 3252 NVHDA - ok 13:32:49.0138 3252 [ 566F0CFD371304F17000B67DD585E34A ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys 13:32:49.0153 3252 nvkflt - ok 13:32:49.0387 3252 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:32:49.0434 3252 nvlddmkm - ok 13:32:49.0465 3252 [ 1891184D09E8C16042E57D5373E4268E ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 13:32:49.0465 3252 nvpciflt - ok 13:32:49.0497 3252 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:32:49.0497 3252 nvraid - ok 13:32:49.0543 3252 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:32:49.0548 3252 nvstor - ok 13:32:49.0622 3252 [ 43F91595049DE14C4B61D1E76436164F ] NVSvc C:\Windows\system32\nvvsvc.exe 13:32:49.0641 3252 NVSvc - ok 13:32:49.0727 3252 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 13:32:49.0748 3252 nvUpdatusService - ok 13:32:49.0779 3252 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:32:49.0784 3252 nv_agp - ok 13:32:49.0816 3252 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:32:49.0816 3252 ohci1394 - ok 13:32:49.0894 3252 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:32:49.0910 3252 ose - ok 13:32:50.0050 3252 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:32:50.0097 3252 osppsvc - ok 13:32:50.0128 3252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:32:50.0128 3252 p2pimsvc - ok 13:32:50.0160 3252 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:32:50.0175 3252 p2psvc - ok 13:32:50.0206 3252 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 13:32:50.0206 3252 Parport - ok 13:32:50.0253 3252 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:32:50.0253 3252 partmgr - ok 13:32:50.0269 3252 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:32:50.0284 3252 PcaSvc - ok 13:32:50.0316 3252 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:32:50.0316 3252 pci - ok 13:32:50.0347 3252 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:32:50.0362 3252 pciide - ok 13:32:50.0378 3252 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:32:50.0394 3252 pcmcia - ok 13:32:50.0409 3252 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:32:50.0425 3252 pcw - ok 13:32:50.0440 3252 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:32:50.0456 3252 PEAUTH - ok 13:32:50.0546 3252 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:32:50.0550 3252 PerfHost - ok 13:32:50.0609 3252 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:32:50.0635 3252 pla - ok 13:32:50.0666 3252 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:32:50.0671 3252 PlugPlay - ok 13:32:50.0686 3252 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:32:50.0690 3252 PNRPAutoReg - ok 13:32:50.0708 3252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:32:50.0713 3252 PNRPsvc - ok 13:32:50.0753 3252 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:32:50.0761 3252 PolicyAgent - ok 13:32:50.0803 3252 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 13:32:50.0804 3252 Power - ok 13:32:50.0835 3252 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:32:50.0851 3252 PptpMiniport - ok 13:32:50.0866 3252 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 13:32:50.0866 3252 Processor - ok 13:32:50.0913 3252 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:32:50.0913 3252 ProfSvc - ok 13:32:50.0929 3252 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:32:50.0929 3252 ProtectedStorage - ok 13:32:50.0944 3252 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:32:50.0960 3252 Psched - ok 13:32:50.0991 3252 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys 13:32:50.0991 3252 qicflt - ok 13:32:51.0069 3252 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:32:51.0116 3252 ql2300 - ok 13:32:51.0132 3252 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:32:51.0132 3252 ql40xx - ok 13:32:51.0163 3252 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:32:51.0178 3252 QWAVE - ok 13:32:51.0194 3252 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:32:51.0194 3252 QWAVEdrv - ok 13:32:51.0210 3252 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:32:51.0225 3252 RasAcd - ok 13:32:51.0256 3252 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:32:51.0256 3252 RasAgileVpn - ok 13:32:51.0272 3252 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:32:51.0288 3252 RasAuto - ok 13:32:51.0303 3252 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:32:51.0303 3252 Rasl2tp - ok 13:32:51.0319 3252 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:32:51.0334 3252 RasMan - ok 13:32:51.0350 3252 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:32:51.0366 3252 RasPppoe - ok 13:32:51.0381 3252 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:32:51.0381 3252 RasSstp - ok 13:32:51.0412 3252 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:32:51.0412 3252 rdbss - ok 13:32:51.0428 3252 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 13:32:51.0428 3252 rdpbus - ok 13:32:51.0459 3252 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:32:51.0459 3252 RDPCDD - ok 13:32:51.0490 3252 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:32:51.0490 3252 RDPENCDD - ok 13:32:51.0522 3252 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:32:51.0522 3252 RDPREFMP - ok 13:32:51.0562 3252 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:32:51.0565 3252 RDPWD - ok 13:32:51.0591 3252 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:32:51.0594 3252 rdyboost - ok 13:32:51.0675 3252 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 13:32:51.0693 3252 RegSrvc - ok 13:32:51.0721 3252 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:32:51.0724 3252 RemoteAccess - ok 13:32:51.0756 3252 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:32:51.0763 3252 RemoteRegistry - ok 13:32:51.0780 3252 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:32:51.0785 3252 RpcEptMapper - ok 13:32:51.0805 3252 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:32:51.0805 3252 RpcLocator - ok 13:32:51.0821 3252 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:32:51.0836 3252 RpcSs - ok 13:32:51.0868 3252 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:32:51.0868 3252 rspndr - ok 13:32:51.0914 3252 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 13:32:51.0930 3252 RTL8167 - ok 13:32:51.0946 3252 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:32:51.0946 3252 SamSs - ok 13:32:52.0024 3252 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 13:32:52.0024 3252 SASDIFSV - ok 13:32:52.0039 3252 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 13:32:52.0039 3252 SASKUTIL - ok 13:32:52.0070 3252 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:32:52.0070 3252 sbp2port - ok 13:32:52.0086 3252 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:32:52.0102 3252 SCardSvr - ok 13:32:52.0117 3252 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:32:52.0133 3252 scfilter - ok 13:32:52.0180 3252 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:32:52.0211 3252 Schedule - ok 13:32:52.0226 3252 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:32:52.0226 3252 SCPolicySvc - ok 13:32:52.0242 3252 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 13:32:52.0258 3252 sdbus - ok 13:32:52.0273 3252 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:32:52.0273 3252 SDRSVC - ok 13:32:52.0304 3252 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:32:52.0304 3252 secdrv - ok 13:32:52.0336 3252 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:32:52.0336 3252 seclogon - ok 13:32:52.0351 3252 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 13:32:52.0351 3252 SENS - ok 13:32:52.0382 3252 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:32:52.0382 3252 SensrSvc - ok 13:32:52.0429 3252 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 13:32:52.0429 3252 Serenum - ok 13:32:52.0476 3252 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 13:32:52.0476 3252 Serial - ok 13:32:52.0523 3252 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:32:52.0523 3252 sermouse - ok 13:32:52.0558 3252 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:32:52.0560 3252 SessionEnv - ok 13:32:52.0570 3252 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 13:32:52.0571 3252 sffdisk - ok 13:32:52.0587 3252 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:32:52.0588 3252 sffp_mmc - ok 13:32:52.0605 3252 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 13:32:52.0607 3252 sffp_sd - ok 13:32:52.0621 3252 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:32:52.0624 3252 sfloppy - ok 13:32:52.0663 3252 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:32:52.0672 3252 SharedAccess - ok 13:32:52.0699 3252 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:32:52.0703 3252 ShellHWDetection - ok 13:32:52.0744 3252 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 13:32:52.0747 3252 SiSRaid2 - ok 13:32:52.0771 3252 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:32:52.0773 3252 SiSRaid4 - ok 13:32:52.0811 3252 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 13:32:52.0827 3252 SkypeUpdate - ok 13:32:52.0858 3252 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:32:52.0858 3252 Smb - ok 13:32:52.0905 3252 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:32:52.0921 3252 SNMPTRAP - ok 13:32:52.0936 3252 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:32:52.0936 3252 spldr - ok 13:32:52.0999 3252 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 13:32:52.0999 3252 Spooler - ok 13:32:53.0108 3252 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:32:53.0123 3252 sppsvc - ok 13:32:53.0139 3252 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:32:53.0155 3252 sppuinotify - ok 13:32:53.0170 3252 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:32:53.0186 3252 srv - ok 13:32:53.0201 3252 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:32:53.0217 3252 srv2 - ok 13:32:53.0233 3252 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:32:53.0233 3252 srvnet - ok 13:32:53.0264 3252 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:32:53.0279 3252 SSDPSRV - ok 13:32:53.0279 3252 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:32:53.0295 3252 SstpSvc - ok 13:32:53.0389 3252 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 13:32:53.0404 3252 Stereo Service - ok 13:32:53.0435 3252 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 13:32:53.0435 3252 stexstor - ok 13:32:53.0482 3252 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:32:53.0498 3252 stisvc - ok 13:32:53.0513 3252 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:32:53.0513 3252 swenum - ok 13:32:53.0561 3252 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:32:53.0575 3252 swprv - ok 13:32:53.0641 3252 [ 5E3B232A614339399ACC71FA3AAAAA6B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 13:32:53.0650 3252 SynTP - ok 13:32:53.0828 3252 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:32:53.0844 3252 SysMain - ok 13:32:53.0859 3252 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:32:53.0859 3252 TabletInputService - ok 13:32:53.0875 3252 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:32:53.0891 3252 TapiSrv - ok 13:32:53.0906 3252 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:32:53.0906 3252 TBS - ok 13:32:54.0156 3252 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:32:54.0249 3252 Tcpip - ok 13:32:54.0312 3252 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:32:54.0312 3252 TCPIP6 - ok 13:32:54.0359 3252 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:32:54.0359 3252 tcpipreg - ok 13:32:54.0390 3252 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:32:54.0390 3252 TDPIPE - ok 13:32:54.0437 3252 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:32:54.0437 3252 TDTCP - ok 13:32:54.0452 3252 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:32:54.0468 3252 tdx - ok 13:32:54.0483 3252 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:32:54.0483 3252 TermDD - ok 13:32:54.0606 3252 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 13:32:54.0623 3252 TermService - ok 13:32:54.0646 3252 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:32:54.0648 3252 Themes - ok 13:32:54.0670 3252 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:32:54.0673 3252 THREADORDER - ok 13:32:54.0694 3252 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:32:54.0699 3252 TrkWks - ok 13:32:54.0751 3252 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:32:54.0755 3252 TrustedInstaller - ok 13:32:54.0783 3252 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:32:54.0786 3252 tssecsrv - ok 13:32:54.0808 3252 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:32:54.0810 3252 TsUsbFlt - ok 13:32:54.0816 3252 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 13:32:54.0816 3252 TsUsbGD - ok 13:32:54.0847 3252 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:32:54.0847 3252 tunnel - ok 13:32:54.0878 3252 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 13:32:54.0910 3252 TurboB - ok 13:32:54.0941 3252 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 13:32:54.0972 3252 TurboBoost - ok 13:32:54.0988 3252 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:32:54.0988 3252 uagp35 - ok 13:32:55.0003 3252 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:32:55.0019 3252 udfs - ok 13:32:55.0050 3252 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:32:55.0066 3252 UI0Detect - ok 13:32:55.0097 3252 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:32:55.0097 3252 uliagpkx - ok 13:32:55.0128 3252 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:32:55.0128 3252 umbus - ok 13:32:55.0159 3252 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 13:32:55.0159 3252 UmPass - ok 13:32:55.0190 3252 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:32:55.0190 3252 upnphost - ok 13:32:55.0222 3252 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:32:55.0253 3252 usbccgp - ok 13:32:55.0268 3252 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:32:55.0268 3252 usbcir - ok 13:32:55.0284 3252 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:32:55.0284 3252 usbehci - ok 13:32:55.0331 3252 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:32:55.0362 3252 usbhub - ok 13:32:55.0378 3252 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:32:55.0378 3252 usbohci - ok 13:32:55.0409 3252 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:32:55.0409 3252 usbprint - ok 13:32:55.0440 3252 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:32:55.0456 3252 usbscan - ok 13:32:55.0471 3252 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:32:55.0487 3252 USBSTOR - ok 13:32:55.0518 3252 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:32:55.0518 3252 usbuhci - ok 13:32:55.0558 3252 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 13:32:55.0563 3252 usbvideo - ok 13:32:55.0591 3252 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:32:55.0594 3252 UxSms - ok 13:32:55.0607 3252 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:32:55.0610 3252 VaultSvc - ok 13:32:55.0643 3252 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:32:55.0644 3252 vdrvroot - ok 13:32:55.0670 3252 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:32:55.0683 3252 vds - ok 13:32:55.0699 3252 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:32:55.0700 3252 vga - ok 13:32:55.0719 3252 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:32:55.0721 3252 VgaSave - ok 13:32:55.0745 3252 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:32:55.0751 3252 vhdmp - ok 13:32:55.0786 3252 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:32:55.0787 3252 viaide - ok 13:32:55.0811 3252 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:32:55.0813 3252 volmgr - ok 13:32:55.0821 3252 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:32:55.0837 3252 volmgrx - ok 13:32:55.0852 3252 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:32:55.0852 3252 volsnap - ok 13:32:55.0884 3252 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:32:55.0884 3252 vsmraid - ok 13:32:56.0008 3252 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:32:56.0024 3252 VSS - ok 13:32:56.0040 3252 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:32:56.0040 3252 vwifibus - ok 13:32:56.0055 3252 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:32:56.0055 3252 vwififlt - ok 13:32:56.0071 3252 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 13:32:56.0071 3252 vwifimp - ok 13:32:56.0102 3252 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:32:56.0118 3252 W32Time - ok 13:32:56.0133 3252 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:32:56.0133 3252 WacomPen - ok 13:32:56.0180 3252 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:32:56.0180 3252 WANARP - ok 13:32:56.0180 3252 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:32:56.0180 3252 Wanarpv6 - ok 13:32:56.0258 3252 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 13:32:56.0274 3252 WatAdminSvc - ok 13:32:56.0352 3252 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:32:56.0383 3252 wbengine - ok 13:32:56.0398 3252 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:32:56.0398 3252 WbioSrvc - ok 13:32:56.0414 3252 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:32:56.0430 3252 wcncsvc - ok 13:32:56.0445 3252 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:32:56.0445 3252 WcsPlugInService - ok 13:32:56.0461 3252 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 13:32:56.0461 3252 Wd - ok 13:32:56.0523 3252 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:32:56.0539 3252 Wdf01000 - ok 13:32:56.0583 3252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:32:56.0585 3252 WdiServiceHost - ok 13:32:56.0594 3252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:32:56.0599 3252 WdiSystemHost - ok 13:32:56.0637 3252 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys 13:32:56.0637 3252 wdkmd - ok 13:32:56.0666 3252 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:32:56.0676 3252 WebClient - ok 13:32:56.0695 3252 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:32:56.0704 3252 Wecsvc - ok 13:32:56.0711 3252 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:32:56.0714 3252 wercplsupport - ok 13:32:56.0734 3252 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:32:56.0737 3252 WerSvc - ok 13:32:56.0775 3252 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:32:56.0777 3252 WfpLwf - ok 13:32:56.0791 3252 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:32:56.0794 3252 WIMMount - ok 13:32:56.0806 3252 WinDefend - ok 13:32:56.0809 3252 WinHttpAutoProxySvc - ok 13:32:56.0869 3252 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:32:56.0869 3252 Winmgmt - ok 13:32:56.0947 3252 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:32:56.0978 3252 WinRM - ok 13:32:57.0025 3252 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:32:57.0025 3252 WinUsb - ok 13:32:57.0072 3252 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:32:57.0103 3252 Wlansvc - ok 13:32:57.0119 3252 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:32:57.0119 3252 WmiAcpi - ok 13:32:57.0166 3252 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:32:57.0166 3252 wmiApSrv - ok 13:32:57.0212 3252 WMPNetworkSvc - ok 13:32:57.0228 3252 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:32:57.0244 3252 WPCSvc - ok 13:32:57.0259 3252 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:32:57.0259 3252 WPDBusEnum - ok 13:32:57.0275 3252 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:32:57.0290 3252 ws2ifsl - ok 13:32:57.0322 3252 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 13:32:57.0322 3252 wscsvc - ok 13:32:57.0337 3252 WSearch - ok 13:32:57.0509 3252 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:32:57.0540 3252 wuauserv - ok 13:32:57.0577 3252 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:32:57.0606 3252 WudfPf - ok 13:32:57.0634 3252 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:32:57.0668 3252 WUDFRd - ok 13:32:57.0699 3252 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:32:57.0732 3252 wudfsvc - ok 13:32:57.0748 3252 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:32:57.0751 3252 WwanSvc - ok 13:32:57.0804 3252 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 13:32:57.0807 3252 xusb21 - ok 13:32:57.0844 3252 ================ Scan global =============================== 13:32:57.0860 3252 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:32:57.0922 3252 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 13:32:57.0938 3252 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 13:32:57.0953 3252 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:32:57.0985 3252 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:32:58.0000 3252 [Global] - ok 13:32:58.0000 3252 ================ Scan MBR ================================== 13:32:58.0016 3252 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 13:32:58.0016 3252 \Device\Harddisk1\DR1 - ok 13:32:58.0031 3252 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 13:32:58.0328 3252 \Device\Harddisk0\DR0 - ok 13:32:58.0343 3252 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 13:32:58.0343 3252 \Device\Harddisk1\DR1 - ok 13:32:58.0343 3252 ================ Scan VBR ================================== 13:32:58.0359 3252 [ 9AC1093A8D520238D267BE8797D16ADC ] \Device\Harddisk1\DR1\Partition1 13:32:58.0359 3252 \Device\Harddisk1\DR1\Partition1 - ok 13:32:58.0375 3252 [ 0CD6F0AE8B417F4949BBC2D2246A8443 ] \Device\Harddisk0\DR0\Partition1 13:32:58.0375 3252 \Device\Harddisk0\DR0\Partition1 - ok 13:32:58.0624 3252 [ EABD9F8DA3AA8C181F37BBA0939401F6 ] \Device\Harddisk0\DR0\Partition2 13:32:58.0624 3252 \Device\Harddisk0\DR0\Partition2 - ok 13:32:58.0624 3252 [ 9AC1093A8D520238D267BE8797D16ADC ] \Device\Harddisk1\DR1\Partition1 13:32:58.0624 3252 \Device\Harddisk1\DR1\Partition1 - ok 13:32:58.0624 3252 ============================================================ 13:32:58.0624 3252 Scan finished 13:32:58.0624 3252 ============================================================ 13:32:58.0655 3260 Detected object count: 0 13:32:58.0655 3260 Actual detected object count: 0 aswMBR aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-14 13:34:44 ----------------------------- 13:34:44.600 OS Version: Windows x64 6.1.7601 Service Pack 1 13:34:44.600 Number of processors: 8 586 0x2A07 13:34:44.600 ComputerName: COLIN-PC UserName: Colin 13:34:45.349 Initialize success 13:36:35.808 AVAST engine defs: 12111400 13:36:45.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 13:36:45.179 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3 13:36:45.195 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JMCR1Port1Path0Target0Lun0 13:36:45.195 Disk 1 Vendor: JMCR____ Size: 3830MB BusType: 0 13:36:45.226 Disk 0 MBR read successfully 13:36:45.226 Disk 0 MBR scan 13:36:45.242 Disk 0 Windows VISTA default MBR code 13:36:45.257 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63 13:36:45.273 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13568 MB offset 81920 13:36:45.304 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463328 MB offset 27869184 13:36:45.398 Disk 0 scanning C:\Windows\system32\drivers 13:37:06.460 Service scanning 13:37:41.450 Modules scanning 13:37:41.466 Disk 0 trace - called modules: 13:37:41.481 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 13:37:41.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009663790] 13:37:41.513 3 CLASSPNP.SYS[fffff88001b8f43f] -> nt!IofCallDriver -> [0xfffffa8006d19ca0] 13:37:41.528 5 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80079cd050] 13:37:42.547 AVAST engine scan C:\Windows 13:37:50.557 AVAST engine scan C:\Windows\system32 13:41:30.342 AVAST engine scan C:\Windows\system32\drivers 13:41:46.381 AVAST engine scan C:\Users\Colin 14:11:29.739 File: C:\Users\Colin\Downloads\DownloadManager_Setup(1).exe **INFECTED** Win32:Adware-gen [Adw] 14:11:29.988 File: C:\Users\Colin\Downloads\DownloadManager_Setup.exe **INFECTED** Win32:Adware-gen [Adw] 14:14:31.394 AVAST engine scan C:\ProgramData 14:15:16.044 Scan finished successfully 14:15:42.228 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Documents\MBR.dat" 14:15:42.243 The log file has been saved successfully to "C:\Users\Colin\Documents\aswMBR.txt" 14:33:48.501 Verifying 14:33:58.579 Disk 0 Windows 601 MBR fixed successfully 14:35:20.781 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Documents\MBR.dat" 14:35:20.781 The log file has been saved successfully to "C:\Users\Colin\Documents\aswMBR2.txt"
-
(The only problem that still seems to linger is that my desktop is cleared(none of my icons are showing), though they appear when I look at my desktop via "my computer") Here are the following logs : AdwCleaner: # AdwCleaner v2.007 - Logfile created 11/14/2012 at 13:01:42 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Colin - COLIN-PC # Boot Mode : Normal # Running from : C:\Users\Colin\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\prefs.js [OK] File is clean. -\\ Google Chrome v24.0.1312.5 File : C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [968 octets] - [14/11/2012 13:01:42] ########## EOF - C:\AdwCleaner[R1].txt - [1027 octets] ########## RoqueKiller RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Colin [Admin rights] Mode : Scan -- Date : 11/14/2012 13:14:46 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK5061GSYN +++++ --- User --- [MBR] 0018d84e6d0ad010607cf906b3f776ce [bSP] 326bb918791288cbccf9237383fef04b : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13568 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27869184 | Size: 463328 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: JMCR SD SCSI Disk Device +++++ --- User --- [MBR] e0501857cb431ed4c44550f9c6dc1115 [bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown Partition table: 0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3826 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_11142012_02d1314.txt >> RKreport[1]_S_11142012_02d1314.txt COMBOFIX ComboFix 12-11-14.01 - Colin 11/14/2012 13:22:19.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6300 [GMT -6:00] Running from: c:\users\Colin\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Colin\AppData\Roaming\Roaming c:\users\Colin\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#araschel.com\settings.sol c:\users\Colin\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol . . ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))) . . 2012-11-14 19:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-14 19:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-14 19:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-14 19:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-14 18:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-14 18:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-14 18:59 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-14 18:59 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-14 18:59 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-14 18:59 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-14 18:59 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-13 17:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B30A96DB-D421-4C4D-94F4-46297AE05BBF}\mpengine.dll 2012-11-12 14:07 . 2012-11-12 14:07 -------- d-----w- c:\users\Colin\Savages UNRATED (2012) 2012-11-12 13:07 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-11 13:09 . 2012-11-11 15:33 -------- d-----w- c:\users\Colin\Workingmans.Death.2005.PAL.DVDR 2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\Colin\Putty Hill 2010.DVDRip.XviD-playXD 2012-11-05 18:33 . 2012-11-05 18:33 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-10-29 23:57 . 2012-10-29 23:57 -------- d-----w- c:\users\Colin\The Interrupters 2011 720p BRRip x264 AC3-26K 2012-10-20 19:48 . 2012-09-25 22:26 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03A34273-37BF-4FB0-BCC5-340C9983291A}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-14 19:00 . 2012-02-26 00:13 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-08 18:06 . 2012-10-08 15:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 18:06 . 2012-02-23 22:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 17:02 . 2012-09-30 17:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-30 17:02 . 2012-09-30 17:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-30 17:02 . 2012-02-23 23:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-25 22:26 . 2012-06-12 16:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-14 19:19 . 2012-10-10 14:48 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 14:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 14:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 19:14 . 2012-10-01 15:33 9066344 ----a-w- c:\windows\system32\nvcuda.dll 2012-08-30 19:14 . 2012-10-01 15:33 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-08-30 19:14 . 2012-10-01 15:33 7397736 ----a-w- c:\windows\system32\nvopencl.dll 2012-08-30 19:14 . 2012-10-01 15:33 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-08-30 19:14 . 2012-10-01 15:33 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys 2012-08-30 19:14 . 2012-10-01 15:33 284008 ----a-w- c:\windows\system32\drivers\nvkflt.sys 2012-08-30 19:14 . 2012-10-01 15:33 2745192 ----a-w- c:\windows\system32\nvcuvid.dll 2012-08-30 19:14 . 2012-10-01 15:33 26228072 ----a-w- c:\windows\system32\nvoglv64.dll 2012-08-30 19:14 . 2012-10-01 15:33 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-08-30 19:14 . 2012-10-01 15:33 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-08-30 19:14 . 2012-10-01 15:33 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-08-30 19:14 . 2012-10-01 15:33 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-08-30 19:14 . 2012-10-01 15:33 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-08-30 19:14 . 2012-10-01 15:33 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-08-30 19:14 . 2012-10-01 15:33 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-08-30 19:14 . 2012-10-01 15:33 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-08-30 19:14 . 2012-10-01 15:33 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-08-30 19:14 . 2012-10-01 15:33 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-08-30 19:14 . 2012-10-01 15:33 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-08-30 19:14 . 2012-10-01 15:33 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-08-30 19:14 . 2012-02-22 16:10 971624 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-08-30 19:14 . 2012-02-22 16:10 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-08-30 19:14 . 2012-02-22 16:10 247144 ----a-w- c:\windows\system32\nvinitx.dll 2012-08-30 19:14 . 2012-02-22 16:10 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-08-30 19:14 . 2012-02-22 16:10 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-08-30 19:14 . 2012-02-22 16:10 2725224 ----a-w- c:\windows\system32\nvapi64.dll 2012-08-30 19:14 . 2012-02-22 16:10 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-08-30 18:03 . 2012-10-10 14:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 14:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 14:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 16:18 . 2011-10-17 09:19 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-08-30 16:18 . 2011-10-17 06:19 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-08-30 16:18 . 2011-10-17 06:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-08-30 16:18 . 2011-10-17 06:19 865640 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-08-30 16:18 . 2011-10-17 06:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-08-30 16:18 . 2011-10-17 09:19 3487434 ----a-w- c:\windows\system32\nvcoproc.bin 2012-08-30 16:18 . 2011-10-17 06:19 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-08-30 16:18 . 2011-10-17 06:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll 2012-08-30 16:17 . 2011-10-17 06:19 6198120 ----a-w- c:\windows\system32\nvcpl.dll 2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-08-24 18:05 . 2012-10-10 14:48 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 14:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 18:57 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 18:57 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 18:57 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 22:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 14:48 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 14:48 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 14:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 14:48 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 14:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 14:48 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 14:48 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 14:48 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 14:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 14:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 14:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 14:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 14:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-18 963984] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048] "D3DOverrider"="c:\d3doverrider\D3DOverriderWrapper.exe" [2009-08-23 40960] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] . c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736] R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-24 283200] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392] . . Contents of the 'Scheduled Tasks' folder . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 18:06] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001Core.job - c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001UA.job - c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.dell.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: rhapsody.com\rhap-app-4-0 Trusted Zone: rhapsody.com\rhapreg TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file) Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-14 13:29:19 ComboFix-quarantined-files.txt 2012-11-14 19:29 ComboFix2.txt 2011-10-03 20:22 . Pre-Run: 30,805,630,976 bytes free Post-Run: 31,081,816,064 bytes free . - - End Of File - - EEDE71495665255F1225EBB1EEA6EABA
-
Hi Gringo, While waiting, I did all the scans up to aswMBR. Before I restart and provide all the logs, I had one question -- The aswMBR found 2 infected files. I saved log. Should I now click "fixMBR"? Or just restart and post all logs to you? Thanks again.
-
Thanks for the Quick reply Gringo! Here is the new log. (Should I attach or post within?) Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012 Ran by SYSTEM at 2012-11-14 11:57:25 Run:1 Running from F:\ ============================================== HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\st5rhuy54u45hy Value deleted successfully. HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Run\\4e5ayhare4yh Value deleted successfully. HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Run\\st5rhuy54u45hy Value deleted successfully. HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully. HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools Value deleted successfully. HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop Value deleted successfully. HKEY_USERS\Colin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully. HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully . C:\Users\Colin\AppData\Roaming\5w4yher54uyhw4.exe moved successfully. C:\Users\Colin\AppData\Local\e54yher4h6j.exe moved successfully. C:\Users\Colin\0.4475846889831203.exe moved successfully. ==== End of Fixlog ====
-
Hi All, First off, massive thanks to all the help you guys give to everyone. You're so generous with your time. I've been infected with this moneypak virus and have been following insturctions from former threads on here about how to proceed. I've followed the rules to do the farbar recover scan and have both logs attached. Would someone mind taking a look at them? I appreciate any help in this manner. Thanks guys! FRST.txt Search.txt