Jump to content

Yetzederixx

Members
  • Posts

    7
  • Joined

  • Last visited

Everything posted by Yetzederixx

  1. I'm definitely going to look into taking, at least, one of those courses so I may hit you up on your offer! I should of mentioned this in the original post (doh!), but this cleared up whatever was causing Malwarebytes to have to block an outgoing IP. It no longer does this so the powers that be can consider this "trouble call" closed. Hopefully I'll be helping other users out before long! 13:31:29 Jared IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52129, Process: firefox.exe) 15:27:08 Jared IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52388, Process: firefox.exe)
  2. I ran the ESET Online scanner but there was no log file made. However, the scanner found nothing. Also of note, the scanner installed to this path on my machine: C:\Program Files (x86)\ESET\ESET Online Scanner\ The BitDefender ran without any problems, and works with Firefox 5.0 just fine by the way. Thanks a ton for your help! I'm not 100% sure what doing all these scans did for me, but I do appreciate the time you spent helping me out. Lastly, since I'm a CompSci student and should learn how to do this stuff myself, how do you learn about security in general and how to interpret/utilize the output of these programs?
  3. ComboFix 11-08-07.03 - Jared 08/07/2011 16:34:12.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2468 [GMT -5:00] Running from: c:\users\Jared\Desktop\ComboFix.exe Command switches used :: c:\users\Jared\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\System32\Drivers\44095512.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_44095512 . . ((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 ))))))))))))))))))))))))))))))) . . 2011-08-07 21:37 . 2011-08-07 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-07 21:21 . 2011-08-07 21:21 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2011-08-07 19:21 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F4C64B2-73DC-4C5C-B546-5A7D1CD0E1AC}\mpengine.dll 2011-08-05 16:17 . 2011-08-05 16:17 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\280ef9831cc538b01\MeshBetaRemover.exe 2011-08-01 06:43 . 2011-08-01 06:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2011-08-01 06:43 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll 2011-07-31 16:00 . 2011-07-31 16:00 -------- d-----w- c:\users\Jared\AppData\Local\ElevatedDiagnostics 2011-07-29 02:25 . 2011-07-29 02:25 -------- d-----w- c:\program files\Defraggler 2011-07-28 17:12 . 2011-07-28 17:12 -------- d-----w- c:\program files (x86)\MSI 2011-07-18 03:28 . 2011-07-18 03:28 -------- d-----w- c:\program files (x86)\ImageShackToolbar 2011-07-12 14:58 . 2011-07-12 14:58 -------- d-----w- c:\users\Jared\AppData\Roaming\Notepad++ 2011-07-12 14:58 . 2011-07-12 14:58 -------- d-----w- c:\program files (x86)\Notepad++ . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-05 16:18 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-07-21 03:12 . 2011-05-11 20:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-07-13 04:53 . 2011-04-30 03:36 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-07 00:52 . 2011-04-29 01:00 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 00:52 . 2011-04-29 01:00 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-04 17:41 . 2011-04-29 05:22 525544 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-04 16:57 . 2011-05-18 06:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-01 18:47 . 2011-07-01 18:47 53248 ----a-r- c:\users\Jared\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-06-03 05:57 . 2011-07-13 13:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-05-24 11:42 . 2011-06-29 13:12 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-24 10:40 . 2011-06-29 13:12 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-05-24 10:40 . 2011-06-29 13:12 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-05-24 10:39 . 2011-06-29 13:12 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37 . 2011-06-29 13:12 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2011-05-18 02:46 . 2011-05-18 02:46 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx 2011-05-18 01:35 . 2011-05-18 01:35 90784 ----a-w- c:\windows\SysWow64\EasyHook32.dll 2011-05-18 01:35 . 2011-05-18 01:35 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll 2011-05-13 21:03 . 2011-05-13 21:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll 2011-05-13 01:01 . 2006-03-04 04:52 88576 ----a-w- c:\windows\SysWow64\OptimFROG.dll 2011-05-13 00:53 . 2011-05-13 00:54 399736 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-08-07_18.57.03 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-08-05 21:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-08-07 21:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-08-05 21:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-08-07 21:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-08-05 21:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-08-07 21:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-04-29 00:33 . 2011-08-07 21:24 36612 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-08-07 21:24 30336 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-04-29 00:30 . 2011-08-07 21:24 7806 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3792824324-865341337-562943517-1001_UserData.bin + 2011-08-07 21:40 . 2011-08-07 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-08-05 21:52 . 2011-08-05 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-08-07 21:40 . 2011-08-07 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-08-05 21:52 . 2011-08-05 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-08-07 21:21 . 2011-08-07 21:21 2560 c:\windows\_MSRSTRT.EXE + 2009-07-14 02:36 . 2011-08-07 21:27 635046 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-08-07 18:34 635046 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-08-07 18:34 111548 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-08-07 21:27 111548 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2011-08-07 21:38 287004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-08-05 21:51 287004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-06-23 08:24 . 2011-08-07 21:22 1092876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792824324-865341337-562943517-1001-4096.dat + 2011-04-29 02:03 . 2011-08-07 21:38 32720928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792824324-865341337-562943517-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-05-18 265928] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF24499.cfxxe" [X] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Post Image to Blog - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5003 IE: Tag This Image - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5002 IE: Transload Image to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5004 IE: Upload All Images to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5000 IE: Upload Image to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5001 LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 FF - ProfilePath - c:\users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\ce3ubxw4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2011-08-07 16:44:06 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-07 21:44 ComboFix2.txt 2011-08-07 19:00 . Pre-Run: 290,650,546,176 bytes free Post-Run: 290,425,774,080 bytes free . - - End Of File - - 55936513364905D2F238E910E3E76B58
  4. Security Check file Results of screen317's Security Check version 0.99.18 Windows 7 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 26 Java SE Development Kit 6 Update 25 Java SE Development Kit 6 Update 26 Adobe Flash Player 10.3.181.26 Adobe Reader X (10.1.0) Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Malwarebytes' Anti-Malware mbamservice.exe Microsoft Security Essentials msseces.exe ``````````End of Log````````````
  5. ComboFix.txt ComboFix 11-08-07.03 - Jared 08/07/2011 13:51:37.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2332 [GMT -5:00] Running from: c:\users\Jared\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\KeePass Password Safe 2\KeePass.exe . . ((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 ))))))))))))))))))))))))))))))) . . 2011-08-07 18:56 . 2011-08-07 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-07 08:32 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{064D9D0B-7A3C-4387-A222-C14280509BF9}\mpengine.dll 2011-08-05 16:17 . 2011-08-05 16:17 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\280ef9831cc538b01\MeshBetaRemover.exe 2011-08-01 06:43 . 2011-08-01 06:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2011-08-01 06:43 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll 2011-07-31 16:00 . 2011-07-31 16:00 -------- d-----w- c:\users\Jared\AppData\Local\ElevatedDiagnostics 2011-07-29 02:25 . 2011-07-29 02:25 -------- d-----w- c:\program files\Defraggler 2011-07-28 17:12 . 2011-07-28 17:12 -------- d-----w- c:\program files (x86)\MSI 2011-07-18 03:28 . 2011-07-18 03:28 -------- d-----w- c:\program files (x86)\ImageShackToolbar 2011-07-12 14:58 . 2011-07-12 14:58 -------- d-----w- c:\users\Jared\AppData\Roaming\Notepad++ 2011-07-12 14:58 . 2011-07-12 14:58 -------- d-----w- c:\program files (x86)\Notepad++ 2011-07-08 20:22 . 2011-07-08 20:22 -------- d-----w- c:\users\Jared\AppData\Local\Help 2011-07-08 19:02 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe 2011-07-08 19:02 . 2009-08-04 17:55 195072 ----a-w- c:\windows\SysWow64\ftsrch.dll 2011-07-08 19:02 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll 2011-07-08 19:02 . 2009-08-04 17:55 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll 2011-07-08 19:02 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll 2011-07-08 19:02 . 2009-08-04 17:55 10240 ----a-w- c:\windows\SysWow64\ftlx041e.dll 2011-07-08 19:02 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-05 16:18 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-07-21 03:12 . 2011-05-11 20:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-07-13 04:53 . 2011-04-30 03:36 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-07 00:52 . 2011-04-29 01:00 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 00:52 . 2011-04-29 01:00 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-04 17:41 . 2011-04-29 05:22 525544 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-04 16:57 . 2011-05-18 06:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-01 18:47 . 2011-07-01 18:47 53248 ----a-r- c:\users\Jared\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-06-03 05:57 . 2011-07-13 13:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-05-24 11:42 . 2011-06-29 13:12 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-24 10:40 . 2011-06-29 13:12 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-05-24 10:40 . 2011-06-29 13:12 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-05-24 10:39 . 2011-06-29 13:12 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37 . 2011-06-29 13:12 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2011-05-18 02:46 . 2011-05-18 02:46 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx 2011-05-18 01:35 . 2011-05-18 01:35 90784 ----a-w- c:\windows\SysWow64\EasyHook32.dll 2011-05-18 01:35 . 2011-05-18 01:35 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll 2011-05-13 21:03 . 2011-05-13 21:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll 2011-05-13 01:01 . 2006-03-04 04:52 88576 ----a-w- c:\windows\SysWow64\OptimFROG.dll 2011-05-13 00:53 . 2011-05-13 00:54 399736 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-05-18 265928] R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 44095512 *NewlyCreated* - MPNWMON *Deregistered* - 44095512 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm IE: Post Image to Blog - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5003 IE: Tag This Image - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5002 IE: Transload Image to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5004 IE: Upload All Images to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5000 IE: Upload Image to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5001 LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll FF - ProfilePath - c:\users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\ce3ubxw4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-KeePass Password Safe 2 - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe Wow6432Node-HKLM-Run-KeePass 2 PreLoad - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe AddRemove-dBpoweramp Aiff Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp CLI Encoder - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp DirectShow Decoder - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp OptimFROG Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Shorten Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp TTA Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpowerAMP Windows Media Audio 9 Codec - c:\windows\system32\SpoonUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{6932D140-ABC4-4073-A44C-D4A541665E35}"=hex:51,66,7a,6c,4c,1d,38,12,2e,d2,21, 6d,f6,e5,1d,05,db,5a,97,e5,44,38,1a,21 "{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54, 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FF6C3CF0-4B15-11D1-ABED-709549C10000}"=hex:51,66,7a,6c,4c,1d,38,12,9e,3f,7f, fb,27,05,bf,54,d4,fb,33,d5,4c,9f,44,14 "{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42 "{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:7e,78,ce,da,fa,44,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,a6,29,7b,36,7b,f1,4c,86,5e,8e,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,a6,29,7b,36,7b,f1,4c,86,5e,8e,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-08-07 14:00:16 ComboFix-quarantined-files.txt 2011-08-07 19:00 . Pre-Run: 291,112,644,608 bytes free Post-Run: 290,851,651,584 bytes free . - - End Of File - - D0F9FC11515CFA3B21A07CFEF85326BE
  6. Thanks for your quick response, and on a Sunday no less! TDS Log to follow: 2011/08/07 13:37:04.0833 4400 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29 2011/08/07 13:37:05.0309 4400 ================================================================================ 2011/08/07 13:37:05.0309 4400 SystemInfo: 2011/08/07 13:37:05.0309 4400 2011/08/07 13:37:05.0309 4400 OS Version: 6.1.7601 ServicePack: 1.0 2011/08/07 13:37:05.0310 4400 Product type: Workstation 2011/08/07 13:37:05.0310 4400 ComputerName: HAL 2011/08/07 13:37:05.0310 4400 UserName: Jared 2011/08/07 13:37:05.0310 4400 Windows directory: C:\Windows 2011/08/07 13:37:05.0310 4400 System windows directory: C:\Windows 2011/08/07 13:37:05.0310 4400 Running under WOW64 2011/08/07 13:37:05.0310 4400 Processor architecture: Intel x64 2011/08/07 13:37:05.0310 4400 Number of processors: 4 2011/08/07 13:37:05.0310 4400 Page size: 0x1000 2011/08/07 13:37:05.0310 4400 Boot type: Normal boot 2011/08/07 13:37:05.0310 4400 ================================================================================ 2011/08/07 13:37:06.0713 4400 Initialize success 2011/08/07 13:37:10.0476 4452 ================================================================================ 2011/08/07 13:37:10.0476 4452 Scan started 2011/08/07 13:37:10.0476 4452 Mode: Manual; 2011/08/07 13:37:10.0476 4452 ================================================================================ 2011/08/07 13:37:11.0185 4452 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 2011/08/07 13:37:11.0269 4452 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 2011/08/07 13:37:11.0358 4452 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 2011/08/07 13:37:11.0470 4452 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/08/07 13:37:11.0608 4452 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/08/07 13:37:11.0659 4452 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/08/07 13:37:11.0789 4452 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 2011/08/07 13:37:11.0904 4452 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 2011/08/07 13:37:12.0031 4452 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 2011/08/07 13:37:12.0052 4452 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 2011/08/07 13:37:12.0103 4452 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/08/07 13:37:12.0173 4452 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/08/07 13:37:12.0243 4452 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 2011/08/07 13:37:12.0285 4452 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/08/07 13:37:12.0385 4452 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 2011/08/07 13:37:12.0450 4452 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 2011/08/07 13:37:12.0575 4452 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/08/07 13:37:12.0602 4452 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/08/07 13:37:12.0702 4452 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/08/07 13:37:12.0737 4452 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 2011/08/07 13:37:12.0818 4452 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys 2011/08/07 13:37:12.0986 4452 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/08/07 13:37:13.0095 4452 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/08/07 13:37:13.0158 4452 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/08/07 13:37:13.0283 4452 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/08/07 13:37:13.0318 4452 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 2011/08/07 13:37:13.0417 4452 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/08/07 13:37:13.0458 4452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/08/07 13:37:13.0576 4452 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/08/07 13:37:13.0599 4452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/08/07 13:37:13.0631 4452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/08/07 13:37:13.0650 4452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/08/07 13:37:13.0843 4452 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 2011/08/07 13:37:13.0887 4452 BtHidBus (81229822facaa324718b3b3c973688ed) C:\Windows\system32\Drivers\BtHidBus.sys 2011/08/07 13:37:13.0998 4452 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/08/07 13:37:14.0059 4452 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 2011/08/07 13:37:14.0336 4452 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 2011/08/07 13:37:14.0477 4452 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 2011/08/07 13:37:14.0605 4452 btnetBUs (2531372cc2ad7c7204a7520dc7c2d0da) C:\Windows\system32\Drivers\btnetBus.sys 2011/08/07 13:37:14.0651 4452 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/08/07 13:37:14.0762 4452 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 2011/08/07 13:37:14.0829 4452 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/08/07 13:37:14.0918 4452 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/08/07 13:37:15.0079 4452 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/08/07 13:37:15.0123 4452 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 2011/08/07 13:37:15.0241 4452 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 2011/08/07 13:37:15.0353 4452 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/08/07 13:37:15.0419 4452 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 2011/08/07 13:37:15.0529 4452 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/08/07 13:37:15.0614 4452 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 2011/08/07 13:37:15.0714 4452 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/08/07 13:37:15.0761 4452 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/08/07 13:37:15.0877 4452 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/08/07 13:37:15.0942 4452 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 2011/08/07 13:37:16.0136 4452 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/08/07 13:37:16.0351 4452 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/08/07 13:37:16.0455 4452 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 2011/08/07 13:37:16.0531 4452 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/08/07 13:37:16.0626 4452 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/08/07 13:37:16.0691 4452 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/08/07 13:37:16.0803 4452 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/08/07 13:37:16.0830 4452 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/08/07 13:37:16.0857 4452 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/08/07 13:37:16.0907 4452 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 2011/08/07 13:37:17.0015 4452 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/08/07 13:37:17.0046 4452 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/08/07 13:37:17.0104 4452 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/08/07 13:37:17.0203 4452 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/08/07 13:37:17.0229 4452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/08/07 13:37:17.0304 4452 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 2011/08/07 13:37:17.0415 4452 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 2011/08/07 13:37:17.0459 4452 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 2011/08/07 13:37:17.0550 4452 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/08/07 13:37:17.0582 4452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/08/07 13:37:17.0631 4452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/08/07 13:37:17.0751 4452 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 2011/08/07 13:37:17.0830 4452 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 2011/08/07 13:37:17.0951 4452 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 2011/08/07 13:37:18.0049 4452 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 2011/08/07 13:37:18.0102 4452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 2011/08/07 13:37:18.0237 4452 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 2011/08/07 13:37:18.0561 4452 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys 2011/08/07 13:37:18.0926 4452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/08/07 13:37:19.0003 4452 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys 2011/08/07 13:37:19.0115 4452 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 2011/08/07 13:37:19.0160 4452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 2011/08/07 13:37:19.0264 4452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/08/07 13:37:19.0323 4452 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/08/07 13:37:19.0455 4452 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 2011/08/07 13:37:19.0512 4452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/08/07 13:37:19.0618 4452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/08/07 13:37:19.0654 4452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 2011/08/07 13:37:19.0686 4452 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 2011/08/07 13:37:19.0791 4452 IvtBtBUs (70ebda3ed637b0212450c5542edd11a7) C:\Windows\system32\Drivers\IvtBtBus.sys 2011/08/07 13:37:19.0877 4452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/08/07 13:37:19.0978 4452 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/08/07 13:37:20.0022 4452 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 2011/08/07 13:37:20.0115 4452 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 2011/08/07 13:37:20.0150 4452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/08/07 13:37:20.0291 4452 LEqdUsb (abfd2b5726f4cce49297ae48806cc594) C:\Windows\system32\DRIVERS\LEqdUsb.Sys 2011/08/07 13:37:20.0342 4452 LHidEqd (933f69cf9acd2498693bfcd7ed68e8d4) C:\Windows\system32\DRIVERS\LHidEqd.Sys 2011/08/07 13:37:20.0455 4452 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/08/07 13:37:20.0493 4452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/08/07 13:37:20.0608 4452 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/08/07 13:37:20.0746 4452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/08/07 13:37:20.0769 4452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/08/07 13:37:20.0794 4452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/08/07 13:37:20.0821 4452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/08/07 13:37:20.0859 4452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/08/07 13:37:21.0007 4452 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys 2011/08/07 13:37:21.0055 4452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/08/07 13:37:21.0087 4452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/08/07 13:37:21.0203 4452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/08/07 13:37:21.0251 4452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/08/07 13:37:21.0364 4452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/08/07 13:37:21.0424 4452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/08/07 13:37:21.0528 4452 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 2011/08/07 13:37:21.0668 4452 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys 2011/08/07 13:37:21.0714 4452 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 2011/08/07 13:37:21.0827 4452 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys 2011/08/07 13:37:21.0869 4452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/07 13:37:21.0914 4452 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 2011/08/07 13:37:22.0016 4452 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/07 13:37:22.0048 4452 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/07 13:37:22.0076 4452 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/07 13:37:22.0123 4452 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 2011/08/07 13:37:22.0236 4452 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 2011/08/07 13:37:22.0323 4452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/08/07 13:37:22.0416 4452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/08/07 13:37:22.0453 4452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 2011/08/07 13:37:22.0566 4452 MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys 2011/08/07 13:37:22.0668 4452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/07 13:37:22.0712 4452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/07 13:37:22.0812 4452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/08/07 13:37:22.0859 4452 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 2011/08/07 13:37:22.0959 4452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 2011/08/07 13:37:23.0005 4452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/08/07 13:37:23.0037 4452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/08/07 13:37:23.0151 4452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/08/07 13:37:23.0329 4452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/07 13:37:23.0409 4452 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 2011/08/07 13:37:23.0530 4452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/08/07 13:37:23.0578 4452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/07 13:37:23.0626 4452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/07 13:37:23.0721 4452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/07 13:37:23.0771 4452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 2011/08/07 13:37:23.0885 4452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/07 13:37:23.0921 4452 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/07 13:37:24.0079 4452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/08/07 13:37:24.0131 4452 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 2011/08/07 13:37:24.0238 4452 nmwcd (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys 2011/08/07 13:37:24.0285 4452 nmwcdc (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys 2011/08/07 13:37:24.0382 4452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/08/07 13:37:24.0536 4452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/07 13:37:24.0621 4452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 2011/08/07 13:37:24.0724 4452 NTIOLib_1_0_4 (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys 2011/08/07 13:37:24.0805 4452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/08/07 13:37:24.0865 4452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 2011/08/07 13:37:24.0965 4452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 2011/08/07 13:37:25.0000 4452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 2011/08/07 13:37:25.0034 4452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 2011/08/07 13:37:25.0087 4452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/08/07 13:37:25.0181 4452 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 2011/08/07 13:37:25.0245 4452 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 2011/08/07 13:37:25.0341 4452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 2011/08/07 13:37:25.0379 4452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 2011/08/07 13:37:25.0425 4452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/08/07 13:37:25.0500 4452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/08/07 13:37:25.0549 4452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/08/07 13:37:25.0754 4452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 2011/08/07 13:37:25.0794 4452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/08/07 13:37:25.0915 4452 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 2011/08/07 13:37:25.0966 4452 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys 2011/08/07 13:37:26.0096 4452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/08/07 13:37:26.0237 4452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/08/07 13:37:26.0273 4452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/08/07 13:37:26.0301 4452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/08/07 13:37:26.0408 4452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/08/07 13:37:26.0457 4452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/08/07 13:37:26.0571 4452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/08/07 13:37:26.0601 4452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/08/07 13:37:26.0642 4452 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 2011/08/07 13:37:26.0746 4452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/08/07 13:37:26.0792 4452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/08/07 13:37:26.0822 4452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/08/07 13:37:26.0916 4452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/08/07 13:37:26.0964 4452 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 2011/08/07 13:37:27.0056 4452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 2011/08/07 13:37:27.0125 4452 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/08/07 13:37:27.0254 4452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/08/07 13:37:27.0306 4452 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/08/07 13:37:27.0407 4452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 2011/08/07 13:37:27.0454 4452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 2011/08/07 13:37:27.0591 4452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/08/07 13:37:27.0668 4452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/08/07 13:37:27.0693 4452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/08/07 13:37:27.0806 4452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/08/07 13:37:27.0886 4452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 2011/08/07 13:37:27.0913 4452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 2011/08/07 13:37:28.0012 4452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 2011/08/07 13:37:28.0060 4452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/08/07 13:37:28.0182 4452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/08/07 13:37:28.0202 4452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/08/07 13:37:28.0241 4452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/08/07 13:37:28.0365 4452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/08/07 13:37:28.0442 4452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 2011/08/07 13:37:28.0546 4452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 2011/08/07 13:37:28.0581 4452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 2011/08/07 13:37:28.0696 4452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/08/07 13:37:28.0745 4452 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 2011/08/07 13:37:28.0853 4452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 2011/08/07 13:37:28.0967 4452 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys 2011/08/07 13:37:29.0123 4452 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys 2011/08/07 13:37:29.0231 4452 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 2011/08/07 13:37:29.0274 4452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/08/07 13:37:29.0291 4452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/08/07 13:37:29.0342 4452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 2011/08/07 13:37:29.0435 4452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 2011/08/07 13:37:29.0519 4452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/08/07 13:37:29.0711 4452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 2011/08/07 13:37:29.0780 4452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 2011/08/07 13:37:29.0876 4452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/08/07 13:37:29.0925 4452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 2011/08/07 13:37:29.0990 4452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 2011/08/07 13:37:30.0096 4452 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 2011/08/07 13:37:30.0140 4452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/08/07 13:37:30.0260 4452 upperdev (7168819f30fe9622284ea19bde7f8ab4) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 2011/08/07 13:37:30.0310 4452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/08/07 13:37:30.0423 4452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 2011/08/07 13:37:30.0461 4452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 2011/08/07 13:37:30.0571 4452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 2011/08/07 13:37:30.0612 4452 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 2011/08/07 13:37:30.0652 4452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/08/07 13:37:30.0754 4452 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys 2011/08/07 13:37:30.0788 4452 UsbserFilt (66c25cb20b2974e0c0cfdab49fb72a02) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys 2011/08/07 13:37:30.0831 4452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/08/07 13:37:30.0877 4452 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 2011/08/07 13:37:30.0995 4452 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 2011/08/07 13:37:31.0193 4452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 2011/08/07 13:37:31.0232 4452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/08/07 13:37:31.0263 4452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/08/07 13:37:31.0361 4452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 2011/08/07 13:37:31.0423 4452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 2011/08/07 13:37:31.0531 4452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 2011/08/07 13:37:31.0575 4452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 2011/08/07 13:37:31.0617 4452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 2011/08/07 13:37:31.0724 4452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/08/07 13:37:31.0767 4452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/08/07 13:37:31.0794 4452 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/08/07 13:37:31.0901 4452 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/08/07 13:37:31.0945 4452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/08/07 13:37:32.0047 4452 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/07 13:37:32.0065 4452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/07 13:37:32.0145 4452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/08/07 13:37:32.0191 4452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/08/07 13:37:32.0360 4452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/08/07 13:37:32.0401 4452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/08/07 13:37:32.0580 4452 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/08/07 13:37:32.0665 4452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 2011/08/07 13:37:32.0786 4452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/08/07 13:37:32.0851 4452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 2011/08/07 13:37:32.0906 4452 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/08/07 13:37:33.0030 4452 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0 2011/08/07 13:37:33.0049 4452 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 2011/08/07 13:37:33.0207 4452 Boot (0x1200) (db849f047dc954569088d09d1e32ae89) \Device\Harddisk0\DR0\Partition0 2011/08/07 13:37:33.0228 4452 Boot (0x1200) (3e21d5cc56f9fd3dad860e80f40983c1) \Device\Harddisk0\DR0\Partition1 2011/08/07 13:37:33.0247 4452 Boot (0x1200) (5b2b8e70de72c2d0b75e29ec8e5169e6) \Device\Harddisk1\DR1\Partition0 2011/08/07 13:37:33.0259 4452 ================================================================================ 2011/08/07 13:37:33.0259 4452 Scan finished 2011/08/07 13:37:33.0260 4452 ================================================================================ 2011/08/07 13:37:33.0277 4292 Detected object count: 0 2011/08/07 13:37:33.0278 4292 Actual detected object count: 0 2011/08/07 13:39:13.0511 4756 Deinitialize success
  7. I got infected before I purchased Malwarebytes, the requested log files follows the items that MS Security Essentials found previously. Exploit:Java/CVE-2010-0840.EX, Removed on 7/24/2011 containerfile:C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-3ba73c77 file:C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-3ba73c77->bingo/haskalu.class TrojanDownloader:Java/OpenConnection.OI, Removed on 7/24/2011 containerfile:C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-3ba73c77 file:C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-3ba73c77->bingo/efir.class Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7383 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 8/5/2011 11:13:53 PM mbam-log-2011-08-05 (23-13-53).txt Scan type: Quick scan Objects scanned: 166881 Time elapsed: 3 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Jared at 23:34:15 on 2011-08-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.1199 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Jared\AppData\Local\Mudlet\mudlet.exe C:\Program Files (x86)\Turbine\DDO Unlimited\dndclient.exe C:\Program Files (x86)\Notepad++\notepad++.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://google.com mWinlogon: Userinit=userinit.exe BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: ImageShack Toolbar: {6932d140-abc4-4073-a44c-d4a541665e35} - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [<NO NAME>] uRun: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload mRun: [<NO NAME>] mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm IE: Post Image to Blog - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5003 IE: Tag This Image - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5002 IE: Transload Image to ImageShack - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5004 IE: Upload All Images to ImageShack - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5000 IE: Upload Image to ImageShack - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5001 IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} - hxxp://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 TCP: Interfaces\{9D3908E7-B527-4BD5-BE4E-BE20A8EB2653} : DhcpNameServer = 208.180.42.68 208.180.42.100 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL BHO-X64: Download Accelerator Plus Integration - No File BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: ImageShack Toolbar: {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload mRun-x64: [(Default)] mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\ce3ubxw4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-28 366640] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-28 2320920] R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?] S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2011-7-28 33592] S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-7-28 14136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2011-08-05 21:54:16 -------- d-----w- C:\Users\Jared\AppData\Local\{79546185-D841-4FC5-BA8F-A714FF186181} 2011-08-05 21:54:04 -------- d-----w- C:\Users\Jared\AppData\Local\{16B4B874-F445-4344-B57D-8D0081CA5FBE} 2011-08-05 17:00:41 -------- d-----w- C:\Users\Jared\AppData\Local\{6A32240D-CB08-488B-97CE-3BF143A3BE9B} 2011-08-05 17:00:28 -------- d-----w- C:\Users\Jared\AppData\Local\{204C5BF0-C3B4-4E03-A21D-FFE3DADB6DA5} 2011-08-05 16:17:22 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\280ef9831cc538b01\MeshBetaRemover.exe 2011-08-05 06:49:36 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49CEEFF9-9B13-43EA-B5ED-7D4B167F71C8}\mpengine.dll 2011-08-02 04:50:45 -------- d-----w- C:\Users\Jared\AppData\Local\{C4C45836-B362-491A-A3F7-F70C396AF6C3} 2011-08-01 16:50:20 -------- d-----w- C:\Users\Jared\AppData\Local\{D1347828-4D4D-4AC5-A637-B586D3CAEE17} 2011-08-01 06:43:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2011-08-01 06:43:16 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll 2011-08-01 04:50:08 -------- d-----w- C:\Users\Jared\AppData\Local\{200E6F91-1E74-4E6E-9C66-5FEED5C8B495} 2011-07-31 16:49:56 -------- d-----w- C:\Users\Jared\AppData\Local\{AA839F55-A419-4A12-BD30-5B3E7255D540} 2011-07-31 16:00:31 -------- d-----w- C:\Users\Jared\AppData\Local\ElevatedDiagnostics 2011-07-31 04:49:44 -------- d-----w- C:\Users\Jared\AppData\Local\{9BAE8F60-D76A-4F2F-9B24-2F50F4852D32} 2011-07-30 16:49:32 -------- d-----w- C:\Users\Jared\AppData\Local\{F0508864-9CC5-4476-8598-F1C6CDD222EB} 2011-07-30 04:49:20 -------- d-----w- C:\Users\Jared\AppData\Local\{381E3066-4A78-47A5-8FFD-ECDD17254669} 2011-07-29 16:47:43 -------- d-----w- C:\Users\Jared\AppData\Local\{61DC0A3C-E30C-4F89-9213-FF6C58AC9EB9} 2011-07-29 02:25:03 -------- d-----w- C:\Program Files\Defraggler 2011-07-28 17:12:31 -------- d-----w- C:\Program Files (x86)\MSI 2011-07-28 15:58:32 -------- d-----w- C:\Users\Jared\AppData\Local\{F12D983D-FAB5-4519-814E-DD78A14F3B7E} 2011-07-28 03:58:20 -------- d-----w- C:\Users\Jared\AppData\Local\{10075C1C-4C15-40C6-9D31-7B5A534C56F3} 2011-07-27 15:57:56 -------- d-----w- C:\Users\Jared\AppData\Local\{11EA15D8-5619-4974-B613-65AB32E0C518} 2011-07-27 03:57:44 -------- d-----w- C:\Users\Jared\AppData\Local\{08753690-1F65-48A1-9825-C7B24A1BB197} 2011-07-26 15:57:19 -------- d-----w- C:\Users\Jared\AppData\Local\{817DFD9C-A68B-4A78-9B71-93BABF870CA3} 2011-07-26 03:57:07 -------- d-----w- C:\Users\Jared\AppData\Local\{4F3569AB-2E47-4072-8D0C-1DB0CF17347A} 2011-07-25 15:56:55 -------- d-----w- C:\Users\Jared\AppData\Local\{9E58401A-DD61-4969-8066-FDCBD49D5ED0} 2011-07-25 03:15:40 -------- d-----w- C:\Users\Jared\AppData\Local\{E2AA43DD-6AF4-41D7-AADE-A51E509FF4A8} 2011-07-24 03:14:41 -------- d-----w- C:\Users\Jared\AppData\Local\{31071847-42C5-4EDE-A303-349709167728} 2011-07-21 03:13:16 -------- d-----w- C:\Users\Jared\AppData\Local\{26008D94-C7F7-4FC7-BF5F-243D94F492EC} 2011-07-20 15:12:52 -------- d-----w- C:\Users\Jared\AppData\Local\{C8BC7A50-7EFD-4C6D-A881-F59419D85A1F} 2011-07-20 03:12:40 -------- d-----w- C:\Users\Jared\AppData\Local\{93E9879D-CA3B-4737-8845-6E64CD64E6F8} 2011-07-19 15:12:28 -------- d-----w- C:\Users\Jared\AppData\Local\{B67C5C8F-786A-4F03-8BEC-4B2E27C9F739} 2011-07-19 03:12:16 -------- d-----w- C:\Users\Jared\AppData\Local\{6B250544-5B0C-4F98-A6F4-4448758A63CC} 2011-07-18 15:12:04 -------- d-----w- C:\Users\Jared\AppData\Local\{2F87A825-4E1C-4B28-89AF-7B67FBF23F23} 2011-07-18 03:28:48 -------- d-----w- C:\Program Files (x86)\ImageShackToolbar 2011-07-18 03:11:52 -------- d-----w- C:\Users\Jared\AppData\Local\{0050C8C8-A34F-4CA3-ADDB-71C10BE899CD} 2011-07-17 03:11:28 -------- d-----w- C:\Users\Jared\AppData\Local\{F151339E-551C-45A1-BC59-33C9F27BA771} 2011-07-16 15:11:03 -------- d-----w- C:\Users\Jared\AppData\Local\{004A3230-3F82-48B5-8150-78C036E5B8F0} 2011-07-15 00:13:11 -------- d-----w- C:\Users\Jared\AppData\Local\{4CC52615-80E2-48E1-8833-5F806C09D2D4} 2011-07-13 13:31:01 -------- d-----w- C:\Users\Jared\AppData\Local\{AEC6C32A-482D-436D-91F5-8230A5EE762D} 2011-07-13 00:42:38 -------- d-----w- C:\Users\Jared\AppData\Local\{513532C3-AF52-454E-82F8-CB6B7A362F90} 2011-07-12 12:42:44 -------- d-----w- C:\Users\Jared\AppData\Local\{5C6BE06C-A291-41B2-B427-FAC28AF898C3} 2011-07-10 00:43:10 -------- d-----w- C:\Users\Jared\AppData\Local\{0EF1ADE6-8FFA-488B-A75A-36BCA76A9B0D} 2011-07-09 12:42:44 -------- d-----w- C:\Users\Jared\AppData\Local\{BB99C8D7-E00F-4D7F-9D1F-CD25BDDEB6B9} 2011-07-09 00:42:32 -------- d-----w- C:\Users\Jared\AppData\Local\{5ACCB0CD-BA17-4D1F-9491-B83FCD8CB57E} 2011-07-08 20:22:06 -------- d-----w- C:\Users\Jared\AppData\Local\Help 2011-07-08 19:02:18 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll 2011-07-08 19:02:18 9216 ----a-w- C:\Windows\System32\ftlx0411.dll 2011-07-08 19:02:18 296960 ----a-w- C:\Windows\winhlp32.exe 2011-07-08 19:02:18 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll 2011-07-08 19:02:18 195072 ----a-w- C:\Windows\System32\ftsrch.dll 2011-07-08 19:02:18 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll 2011-07-08 19:02:18 10240 ----a-w- C:\Windows\System32\ftlx041e.dll 2011-07-08 00:41:55 -------- d-----w- C:\Users\Jared\AppData\Local\{9FD0BD78-6B02-41AA-970A-1C20D4FEC88E} 2011-07-07 18:56:36 -------- d-----w- C:\Program Files (x86)\Graph 2011-07-07 13:05:11 -------- d-----w- C:\Users\Jared\AppData\Local\{E16F45F2-78D1-47E4-A37C-1FFFDA4A9D7B} . ==================== Find3M ==================== . 2011-07-21 03:12:42 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 00:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-07-04 17:41:17 525544 ----a-w- C:\Windows\System32\deployJava1.dll 2011-07-04 16:57:10 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys 2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe 2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe 2011-05-18 02:46:33 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx 2011-05-18 01:35:38 90784 ----a-w- C:\Windows\SysWow64\EasyHook32.dll 2011-05-18 01:35:38 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll 2011-05-13 21:03:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2011-05-13 01:01:20 88576 ----a-w- C:\Windows\SysWow64\OptimFROG.dll 2011-05-13 00:53:46 399736 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe . ============= FINISH: 23:35:45.86 =============== Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.