Jump to content

bigakita

Members
 View Profile  See their activity

  • Posts

    10

  • Joined

  • Last visited

 Content Type 

Everything posted by bigakita

  1. bigakita
    Still with you D-Fred. Busy running around for the holiday. I'll send you the results soon. Appreciate your help & Happy Thanksgiving John
  2. bigakita
    Hello D-Fred, Tried multiple times running the Kaspersky Disc . After loading on the last attempt the screen went blank for 30+ minutes before I ejected it. Let me know if this is this normal and I'll give it another shot. thanks, JV
  3. bigakita
    Here's the page url http://www.virustotal.com/file-scan/report.html?id=c256ee5580386b2a72112bd1b70cd95806f04e408402506353bc616181dd0fec-1321500335 Antivirus Version Last Update Result AhnLab-V3 2011.11.16.00 2011.11.16 Trojan/Win32.VBKrypt AntiVir 7.11.17.203 2011.11.16 - Antiy-AVL 2.0.3.7 2011.11.16 - Avast 6.0.1289.0 2011.11.16 - AVG 10.0.0.1190 2011.11.16 - BitDefender 7.2 2011.11.16 Gen:Variant.Graftor.1148 ByteHero 1.0.0.1 2011.11.14 - ClamAV 0.97.3.0 2011.11.16 - Commtouch 5.3.2.6 2011.11.16 - Comodo 10778 2011.11.14 - DrWeb 5.0.2.03300 2011.11.16 - Emsisoft 5.1.0.11 2011.11.16 - eSafe 7.0.17.0 2011.11.16 - eTrust-Vet 37.0.9569 2011.11.16 - F-Prot 4.6.5.141 2011.11.16 - F-Secure 9.0.16440.0 2011.11.16 Gen:Variant.Graftor.1148 Fortinet 4.3.370.0 2011.11.16 - GData 22 2011.11.16 Gen:Variant.Graftor.1148 Ikarus T3.1.1.109.0 2011.11.16 - Jiangmin 13.0.900 2011.11.16 - K7AntiVirus 9.119.5474 2011.11.16 - Kaspersky 9.0.0.837 2011.11.16 - McAfee 5.400.0.1158 2011.11.16 - McAfee-GW-Edition 2010.1D 2011.11.16 - Microsoft 1.7801 2011.11.16 - NOD32 6636 2011.11.16 - Norman 6.07.13 2011.11.16 - nProtect 2011-11-16.01 2011.11.16 Gen:Variant.Graftor.1148 Panda 10.0.3.5 2011.11.16 - PCTools 8.0.0.5 2011.11.16 - Prevx 3.0 2011.11.17 - Rising 23.84.02.02 2011.11.16 - Sophos 4.71.0 2011.11.16 - SUPERAntiSpyware 4.40.0.1006 2011.11.16 - Symantec 20111.2.0.82 2011.11.16 - TheHacker 6.7.0.1.343 2011.11.16 - TrendMicro 9.500.0.1008 2011.11.16 - TrendMicro-HouseCall 9.500.0.1008 2011.11.16 - VBA32 3.12.16.4 2011.11.15 - VIPRE 11062 2011.11.16 - ViRobot 2011.11.16.4776 2011.11.16 - VirusBuster 14.1.66.1 2011.11.16 - Additional information MD5 : 4109ba339dc84ed593bdd243fee3b9ec SHA1 : d072b3aa139f34409491dbc92b8b42873679d3fe SHA256: c256ee5580386b2a72112bd1b70cd95806f04e408402506353bc616181dd0fec ssdeep: 6144:IX82cOnzNAkQmCtLe9+OGiTvNq05GSYT6m1Az/Hr3o3x0qPjTuAX+FxdPWQ/NiW:wdfn5A HDti+XiTvNq0GxA2jTuAuFtn File size : 442368 bytes First seen: 2011-11-17 03:25:35 Last seen : 2011-11-17 03:25:35 Magic: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit TrID: Win32 Executable Microsoft Visual Basic 6 (96.9%) Generic Win/DOS Executable (1.5%) DOS Executable Generic (1.5%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: Durham Addressograph copyright....: Louise Rankin Bingham Canterbu Mongolia Nelson Frisian Laguerre product......: Tokyo Cunningham CeciliaDuffySelena Naomi SteinbergMcLeanMao description..: MuensterHimalaya Matthew MysoreKathy AmadeusHoyt original name: qqb.exe internal name: qqb file version.: 5.06.0005 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD: - PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x1478 timedatestamp....: 0x4EC400C1 (Wed Nov 16 18:28:17 2011) machinetype......: 0x14C (Intel I386) [[ 3 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x68058, 0x69000, 7.9, 49be0b7f8d285b1d14dea0d64d5ff657 .data, 0x6A000, 0xDAC, 0x1000, 0.0, 620f0b67a91f7f74151bc5be745b7110 .rsrc, 0x6B000, 0x5D0, 0x1000, 1.39, 2cf0707697998edc3249bda08c0872d8 [[ 1 import(s) ]] msvbvm60.dll: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, -, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaRefVarAry, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, DllFunctionCall, __vbaFpUI1, __vbaRedimPreserve, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, -, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaAryCopy, -, __vbaStrVarCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaFreeObj, __vbaI4ErrVar Androguard: - ExifTool: file metadata CharacterSet: Unicode CodeSize: 430080 CompanyName: Durham Addressograph EntryPoint: 0x1478 FileDescription: MuensterHimalaya Matthew MysoreKathy AmadeusHoyt FileFlagsMask: 0x0000 FileOS: Win32 FileSize: 432 kB FileSubtype: 0 FileType: Win32 EXE FileVersion: 5.06.0005 FileVersionNumber: 5.6.0.5 ImageVersion: 5.6 InitializedDataSize: 8192 InternalName: qqb LanguageCode: English (U.S.) LegalCopyright: Louise Rankin Bingham Canterbu Mongolia Nelson Frisian Laguerre LinkerVersion: 6.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Executable application OriginalFilename: qqb.exe PEType: PE32 ProductName: Tokyo Cunningham CeciliaDuffySelena Naomi SteinbergMcLeanMao ProductVersion: 5.06.0005 ProductVersionNumber: 5.6.0.5 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2011:11:16 19:28:17+01:00 UninitializedDataSize: 0
  4. bigakita
    [ArcaVir] 2011-11-17 Found nothing [Frisk F-Prot Antivirus] 2011-11-16 Found nothing [Avast! antivirus] 2011-11-16 Found nothing [F-Secure Anti-Virus] 2011-11-16 Gen:Variant.Graftor.1148 [Grisoft AVG Anti-Virus] 2011-11-16 Found nothing [ikarus] 2011-11-17 Win32.SuspectCrc [Avira AntiVir] 2011-11-16 Found nothing [Kaspersky Anti-Virus] 2011-11-17 Found nothing [softwin BitDefender] 2011-11-16 Gen:Variant.Graftor.1148 [Panda Antivirus] 2011-11-16 Found nothing [ClamAV] 2011-11-17 Found nothing [Quick Heal] 2011-11-16 Found nothing [CPsecure] 2011-11-17 Found nothing [sophos] 2011-11-17 Found nothing [Dr.Web] 2011-11-17 Found nothing [VirusBlokAda VBA32] 2011-11-15 Found nothing [Emsisoft Anti-Malware] 2011-11-17 Win32.SuspectCrc!IK [VirusBuster] 2011-11-16 Found nothing [ESET] 2011-11-16 Found nothing
  5. bigakita
    Still getting the occasional redirect. ComboFix 11-11-16.02 - John 11/16/2011 16:28:12.7.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.984 [GMT -8:00] Running from: c:\combofix\ComboFix.exe Command switches used :: c:\users\John\Desktop\CFScript.txt AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81} SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\CE870 c:\program files (x86)\CE870\lvvm.exe c:\users\John\AppData\Roaming\FA6CE c:\users\John\AppData\Roaming\Google\{0B8D6FDE-D846-4DFD-A423-3F3D1E4BAA0A}\LicenseValidator.exe . . ((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 ))))))))))))))))))))))))))))))) . . 2011-11-17 01:02 . 2011-11-17 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-16 23:51 . 2011-11-16 23:51 1117 ----a-w- c:\windows\~clD12D.tmp 2011-11-16 22:47 . 2011-11-16 22:47 442368 --sh--w- c:\program files (x86)\Common Files\mhik.exe 2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio 2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai 2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut 2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut 2011-11-09 04:23 . 2011-11-16 04:39 -------- d-----w- c:\programdata\Kaspersky Lab 2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll 2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2 2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd 2011-10-22 01:05 . 2011-11-16 01:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-10-22 01:04 . 2011-11-16 01:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-10-22 01:04 . 2011-11-16 01:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-16 01:30 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe 2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe 2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys 2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys 2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-16 22:47 . 2011-11-16 22:47 49129 c:\windows\SysWOW64\winlog.dat + 2009-07-14 04:54 . 2011-11-16 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-11-16 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-11-16 23:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2011-11-17 01:07 38812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-07-04 07:13 . 2011-11-17 01:07 17968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin + 2010-06-30 17:11 . 2011-11-16 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-06-30 17:11 . 2011-11-11 23:56 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-06-30 17:11 . 2011-11-11 23:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-06-30 17:11 . 2011-11-16 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-11-16 21:08 . 2011-11-16 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011111620111117\index.dat + 2009-07-14 04:54 . 2011-11-16 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-11-16 21:08 . 2011-11-16 21:08 49120 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT + 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi + 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-17 01:05 . 2011-11-17 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-17 01:05 . 2011-11-17 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-07-01 05:57 . 2011-11-16 22:29 347908 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat - 2011-08-27 23:51 . 2011-11-09 03:02 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-08-27 23:51 . 2011-11-16 14:12 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-11-17 01:04 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-10 22:49 . 2011-11-17 01:04 5265292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat - 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-11-16 23:40 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376] "Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680] "cftmon"="c:\program files (x86)\Common Files\mhik.exe" [2011-11-16 442368] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608] "Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736] "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136] "FAStartup"="" [bU] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880] _uninst_42015122.lnk - c:\users\John\AppData\Local\Temp\_uninst_42015122.bat [N/A] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384] S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616] S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328] S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824] S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752] S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x] S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928] "lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728] "EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:50242 uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50242 FF - prefs.js: network.proxy.ssl - 72.44.82.146 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 1 . - - - - ORPHANS REMOVED - - - - . BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-KeApplet - c:\users\John\AppData\Roaming\Google\{0B8D6FDE-D846-4DFD-A423-3F3D1E4BAA0A}\LicenseValidator.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\system32\DRIVERS\o2flash.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe c:\program files (x86)\Internet Explorer\iexplore.exe c:\program files (x86)\Microsoft\BingBar\BingBar.exe c:\program files (x86)\Microsoft\BingBar\BingApp.exe . ************************************************************************** . Completion time: 2011-11-16 17:26:12 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-17 01:26 ComboFix2.txt 2011-11-16 16:09 ComboFix3.txt 2011-11-16 01:09 ComboFix4.txt 2011-11-15 04:26 ComboFix5.txt 2011-11-17 00:20 . Pre-Run: 226,818,342,912 bytes free Post-Run: 229,659,213,824 bytes free . - - End Of File - - 452AEE5B867A26CAA83CCBF401FA53DC
  6. bigakita
    Hello, I recognize the programs. Could not get ESET to run. Still getting hijacked in both IE and Firefox. thanks, JV ComboFix 11-11-15.06 - John 11/16/2011 6:58.6.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2144 [GMT -8:00] Running from: c:\users\John\Desktop\ComboFix.exe Command switches used :: c:\users\John\Desktop\CFScript.txt AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81} SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\LP c:\program files (x86)\LP\227F\464.tmp c:\program files (x86)\LP\227F\5169.tmp c:\program files (x86)\LP\227F\6C87.tmp c:\program files (x86)\LP\227F\77FE.tmp c:\program files (x86)\LP\227F\92A1.tmp c:\program files (x86)\LP\227F\F826.tmp . . ((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 ))))))))))))))))))))))))))))))) . . 2011-11-16 15:33 . 2011-11-16 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-16 01:12 . 2011-11-16 14:15 -------- d-----w- c:\program files (x86)\CE870 2011-11-16 01:12 . 2011-11-16 01:12 -------- d-----w- c:\users\John\AppData\Roaming\FA6CE 2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio 2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai 2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut 2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut 2011-11-09 04:23 . 2011-11-16 04:39 -------- d-----w- c:\programdata\Kaspersky Lab 2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll 2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2 2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd 2011-10-22 01:05 . 2011-11-16 01:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-10-22 01:04 . 2011-11-16 01:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-10-22 01:04 . 2011-11-16 01:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-16 01:30 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe 2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe 2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys 2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys 2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-11-16 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-11-16 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-11-16 15:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2011-11-16 14:19 38570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-07-04 07:13 . 2011-11-16 00:50 17552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin + 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi + 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-16 15:36 . 2011-11-16 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-16 15:36 . 2011-11-16 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-07-01 05:57 . 2011-11-15 12:54 347668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat - 2011-08-27 23:51 . 2011-11-09 03:02 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-08-27 23:51 . 2011-11-16 14:12 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2011-11-16 15:35 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-10 22:49 . 2011-11-16 15:35 5118852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat - 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-11-16 15:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376] "Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608] "Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736] "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136] "FAStartup"="" [bU] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880] _uninst_42015122.lnk - c:\users\John\AppData\Local\Temp\_uninst_42015122.bat [N/A] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384] S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616] S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328] S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824] S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752] S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x] S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928] "lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728] "EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:50242 uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 57050 FF - prefs.js: network.proxy.ssl - 72.44.82.146 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 1 . - - - - ORPHANS REMOVED - - - - . BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\system32\DRIVERS\o2flash.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Internet Explorer\iexplore.exe c:\program files (x86)\Microsoft\BingBar\BingBar.exe c:\program files (x86)\Microsoft\BingBar\BingApp.exe c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe . ************************************************************************** . Completion time: 2011-11-16 08:09:01 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-16 16:08 ComboFix2.txt 2011-11-16 01:09 ComboFix3.txt 2011-11-15 04:26 ComboFix4.txt 2011-11-13 07:33 ComboFix5.txt 2011-11-16 14:50 . Pre-Run: 230,661,746,688 bytes free Post-Run: 230,775,173,120 bytes free . - - End Of File - - DEA3A5B74D51393E2F8803CA8220611C Status: Deleted (events: 34) 11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{18034DC4-1A6D-4B18-A10D-FA445E0A8064}_ENC2 High 11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{18034DC4-1A6D-4B18-A10D-FA445E0A8064}_ENC2//PE-Crypt.XorPE High 11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{15B19923-CC84-4FB2-A452-3980F93B1061}_ENC2 High 11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{15B19923-CC84-4FB2-A452-3980F93B1061}_ENC2//PE-Crypt.XorPE High 11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{20D2A4F2-A097-434D-9D6C-D73A93829B51}_ENC2 High 11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{20D2A4F2-A097-434D-9D6C-D73A93829B51}_ENC2//PE-Crypt.XorPE High 11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{21ED7D59-E947-4EA2-863C-ECA945C0129B}_ENC2 High 11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{21ED7D59-E947-4EA2-863C-ECA945C0129B}_ENC2//PE-Crypt.XorPE High 11/15/2011 9:03:06 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{2A6E8C3D-0F80-4271-89C7-C8F5FC72A723}_ENC2 High 11/15/2011 9:03:06 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{2A6E8C3D-0F80-4271-89C7-C8F5FC72A723}_ENC2//PE-Crypt.XorPE High 11/15/2011 9:03:08 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{363EBE25-DA9F-4AFD-B0D0-81DF9E729142}_ENC2 High 11/15/2011 9:03:08 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{363EBE25-DA9F-4AFD-B0D0-81DF9E729142}_ENC2//PE-Crypt.XorPE High 11/15/2011 9:03:13 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{3FE6B6D0-A0D4-4681-B975-64FA365D1AE9}_ENC2 High 11/15/2011 9:03:13 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{3FE6B6D0-A0D4-4681-B975-64FA365D1AE9}_ENC2//PE-Crypt.XorPE High 11/15/2011 9:03:22 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{7ACDC400-3731-42F7-99C5-41122749B3BD}_ENC2 High 11/15/2011 9:03:18 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{A73A933C-A5EA-4994-AE64-261D7E62126E}_ENC2 High 11/15/2011 9:03:18 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{A73A933C-A5EA-4994-AE64-261D7E62126E}_ENC2//PE-Crypt.XorPE High 11/15/2011 9:09:21 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-1ba2c8d1 High 11/15/2011 9:09:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-4cbf6e44 High 11/15/2011 9:09:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-4de7a1c1 High 11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-58ab123e High 11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-704024e0 High 11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-72112017 High 11/15/2011 9:09:43 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsl C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\592c988d-390cff99 High 11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-355d4be3 High 11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-3d9f5d02 High 11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-4c73f2ac High 11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5dffa626 High 11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5ec67f94 High 11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-668b1e2a High 11/15/2011 9:09:52 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-1b963022 High 11/15/2011 9:09:52 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-435d9649 High 11/16/2011 6:23:45 AM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsv C:\Program Files (x86)\CE870\lvvm.exe High 11/16/2011 6:23:45 AM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsl C:\Program Files (x86)\LP\227F\619.exe High Status: Absent (events: 2) 11/15/2011 9:04:03 PM Not found Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{7ACDC400-3731-42F7-99C5-41122749B3BD}_ENC2//PE-Crypt.XorPE High 11/16/2011 6:24:03 AM Not found Trojan program Trojan.Win32.Jorik.Downloader.lw C:\Program Files (x86)\LP\227F\704F.tmp High Status: Disinfected (events: 18) 11/15/2011 9:09:26 PM Disinfected Trojan program Exploit.Java.CVE-2010-0842.o C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5767c64c-12ba39e9 High 11/15/2011 9:09:26 PM Disinfected Trojan program Exploit.Java.CVE-2010-0842.o C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5767c64c-12ba39e9/a.class High 11/15/2011 9:09:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3d237503-4b0d3fbf High 11/15/2011 9:09:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3d237503-4b0d3fbf/bingo/nikon.class High 11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cu C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2dc5a3ae-72a6ec46 High 11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cu C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2dc5a3ae-72a6ec46/folder/Glocker.class High 11/15/2011 9:09:52 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5a220905-53ddb49f High 11/15/2011 9:09:52 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5a220905-53ddb49f/bingo/nikon.class High 11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\17390232-31e5b1b8 High 11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\17390232-31e5b1b8/Start.class High 11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1fd93878-3d1b420a High 11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1fd93878-3d1b420a/bingo/nikon.class High 11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5ffcab9-41b244c1 High 11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5ffcab9-41b244c1/Start.class High 11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.en C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\485c8386-5d59f05d High 11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.en C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\485c8386-5d59f05d/json/Parser.class High 11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5fe2eefe-6a5b7262 High 11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5fe2eefe-6a5b7262/Start.class High Status: Vulnerability (events: 3) 11/15/2011 10:46:18 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46512 C:\Program Files\Java\jre6\bin\java.exe Low 11/15/2011 10:52:00 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46512 C:\Program Files (x86)\Java\jre6\bin\java.exe Low 11/16/2011 6:00:35 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/46339 c:\Program Files (x86)\iTunes\iTunes.exe Low
  7. bigakita
    Google searches are still getting redirected. ComboFix 11-11-15.06 - John 11/15/2011 16:12:54.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2218 [GMT -8:00] Running from: c:\users\John\Desktop\ComboFix.exe Command switches used :: c:\users\John\Desktop\CFScript.txt AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81} SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\97033634.sys" "c:\windows\SYSWOW64\drivers\97033634.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_97033634 . . ((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 ))))))))))))))))))))))))))))))) . . 2011-11-16 00:44 . 2011-11-16 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio 2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai 2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut 2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut 2011-11-09 04:23 . 2011-11-12 22:17 -------- d-----w- c:\programdata\Kaspersky Lab 2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll 2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2 2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd 2011-10-22 01:05 . 2011-10-22 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-10-22 01:04 . 2011-10-22 01:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-10-22 01:04 . 2011-10-22 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1 2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-12 00:37 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe 2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe 2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys 2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys 2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-11-16 00:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-11-16 00:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-11-16 00:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2011-11-16 00:50 38468 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-07-04 07:13 . 2011-11-16 00:50 17552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin + 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi + 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-16 00:47 . 2011-11-16 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-16 00:47 . 2011-11-16 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-07-01 05:57 . 2011-11-15 12:54 347668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-11-16 00:46 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-10 22:49 . 2011-11-16 00:47 3979152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat - 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-11-15 13:17 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376] "Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608] "Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736] "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136] "FAStartup"="" [bU] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384] S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616] S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328] S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824] S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752] S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x] S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928] "lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728] "EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280] "combofix"="c:\combofix\CF22415.3XE" [2009-07-14 344576] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com/ uInternet Settings,ProxyServer = 171.66.3.181:3128 uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - prefs.js: network.proxy.http - 211.222.202.109 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.ssl - 72.44.82.146 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\system32\DRIVERS\o2flash.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe c:\program files (x86)\Internet Explorer\iexplore.exe c:\program files (x86)\Microsoft\BingBar\BingBar.exe c:\program files (x86)\Microsoft\BingBar\BingApp.exe . ************************************************************************** . Completion time: 2011-11-15 17:09:21 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-16 01:09 ComboFix2.txt 2011-11-15 04:26 ComboFix3.txt 2011-11-13 07:33 ComboFix4.txt 2011-11-11 21:16 ComboFix5.txt 2011-11-16 00:05 . Pre-Run: 231,265,148,928 bytes free Post-Run: 231,351,111,680 bytes free . - - End Of File - - CF5F74289D0EEBC88E85D50272F0C2B7
  8. bigakita
    19:07:36.0171 7012 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15 19:07:36.0507 7012 ============================================================ 19:07:36.0507 7012 Current date / time: 2011/11/14 19:07:36.0507 19:07:36.0507 7012 SystemInfo: 19:07:36.0507 7012 19:07:36.0507 7012 OS Version: 6.1.7600 ServicePack: 0.0 19:07:36.0507 7012 Product type: Workstation 19:07:36.0508 7012 ComputerName: JOHN-PC 19:07:36.0508 7012 UserName: John 19:07:36.0508 7012 Windows directory: C:\Windows 19:07:36.0508 7012 System windows directory: C:\Windows 19:07:36.0508 7012 Running under WOW64 19:07:36.0508 7012 Processor architecture: Intel x64 19:07:36.0508 7012 Number of processors: 4 19:07:36.0508 7012 Page size: 0x1000 19:07:36.0508 7012 Boot type: Normal boot 19:07:36.0508 7012 ============================================================ 19:07:37.0926 7012 Initialize success 19:08:03.0827 2708 ============================================================ 19:08:03.0827 2708 Scan started 19:08:03.0827 2708 Mode: Manual; 19:08:03.0827 2708 ============================================================ 19:08:06.0890 2708 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys 19:08:06.0899 2708 1394ohci - ok 19:08:06.0936 2708 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys 19:08:06.0948 2708 Acceler - ok 19:08:06.0987 2708 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 19:08:06.0993 2708 ACPI - ok 19:08:07.0022 2708 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 19:08:07.0044 2708 AcpiPmi - ok 19:08:07.0088 2708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 19:08:07.0111 2708 adp94xx - ok 19:08:07.0175 2708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 19:08:07.0203 2708 adpahci - ok 19:08:07.0213 2708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 19:08:07.0251 2708 adpu320 - ok 19:08:07.0300 2708 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 19:08:07.0303 2708 AFD - ok 19:08:07.0313 2708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 19:08:07.0329 2708 agp440 - ok 19:08:07.0344 2708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 19:08:07.0361 2708 aliide - ok 19:08:07.0370 2708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 19:08:07.0377 2708 amdide - ok 19:08:07.0385 2708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 19:08:07.0399 2708 AmdK8 - ok 19:08:07.0409 2708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 19:08:07.0435 2708 AmdPPM - ok 19:08:07.0454 2708 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 19:08:07.0472 2708 amdsata - ok 19:08:07.0487 2708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 19:08:07.0518 2708 amdsbs - ok 19:08:07.0567 2708 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 19:08:07.0573 2708 amdxata - ok 19:08:07.0605 2708 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 19:08:07.0623 2708 AppID - ok 19:08:07.0647 2708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 19:08:07.0653 2708 arc - ok 19:08:07.0664 2708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 19:08:07.0675 2708 arcsas - ok 19:08:07.0700 2708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 19:08:07.0714 2708 AsyncMac - ok 19:08:07.0733 2708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 19:08:07.0740 2708 atapi - ok 19:08:07.0788 2708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 19:08:07.0802 2708 b06bdrv - ok 19:08:07.0819 2708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 19:08:07.0841 2708 b57nd60a - ok 19:08:07.0867 2708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 19:08:07.0878 2708 Beep - ok 19:08:07.0911 2708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 19:08:07.0915 2708 blbdrive - ok 19:08:07.0958 2708 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 19:08:07.0963 2708 bowser - ok 19:08:07.0972 2708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:08:07.0985 2708 BrFiltLo - ok 19:08:07.0994 2708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:08:07.0997 2708 BrFiltUp - ok 19:08:08.0011 2708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 19:08:08.0028 2708 Brserid - ok 19:08:08.0037 2708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 19:08:08.0048 2708 BrSerWdm - ok 19:08:08.0058 2708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:08:08.0066 2708 BrUsbMdm - ok 19:08:08.0077 2708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 19:08:08.0086 2708 BrUsbSer - ok 19:08:08.0123 2708 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 19:08:08.0129 2708 BthEnum - ok 19:08:08.0143 2708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 19:08:08.0160 2708 BTHMODEM - ok 19:08:08.0185 2708 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 19:08:08.0188 2708 BthPan - ok 19:08:08.0227 2708 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys 19:08:08.0251 2708 BTHPORT - ok 19:08:08.0280 2708 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys 19:08:08.0286 2708 BTHUSB - ok 19:08:08.0322 2708 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys 19:08:08.0330 2708 btwaudio - ok 19:08:08.0356 2708 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys 19:08:08.0365 2708 btwavdt - ok 19:08:08.0395 2708 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys 19:08:08.0406 2708 btwl2cap - ok 19:08:08.0427 2708 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys 19:08:08.0430 2708 btwrchid - ok 19:08:08.0551 2708 catchme - ok 19:08:08.0569 2708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 19:08:08.0587 2708 cdfs - ok 19:08:08.0605 2708 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 19:08:08.0625 2708 cdrom - ok 19:08:08.0654 2708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 19:08:08.0671 2708 circlass - ok 19:08:08.0713 2708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 19:08:08.0718 2708 CLFS - ok 19:08:08.0759 2708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 19:08:08.0773 2708 CmBatt - ok 19:08:08.0786 2708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 19:08:08.0796 2708 cmdide - ok 19:08:08.0834 2708 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 19:08:08.0852 2708 CNG - ok 19:08:08.0875 2708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 19:08:09.0249 2708 Compbatt - ok 19:08:09.0264 2708 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 19:08:09.0277 2708 CompositeBus - ok 19:08:09.0294 2708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 19:08:09.0307 2708 crcdisk - ok 19:08:09.0351 2708 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys 19:08:09.0372 2708 CtClsFlt - ok 19:08:09.0403 2708 dc3d (26c9db5fb11aa1c90ca4b7a986cca4f3) C:\Windows\system32\DRIVERS\dc3d.sys 19:08:09.0424 2708 dc3d - ok 19:08:09.0504 2708 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 19:08:09.0511 2708 DfsC - ok 19:08:09.0551 2708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:08:09.0557 2708 discache - ok 19:08:09.0587 2708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:08:09.0603 2708 Disk - ok 19:08:09.0642 2708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:08:09.0659 2708 drmkaud - ok 19:08:09.0715 2708 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 19:08:09.0749 2708 DXGKrnl - ok 19:08:09.0854 2708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:08:09.0950 2708 ebdrv - ok 19:08:09.0984 2708 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys 19:08:09.0994 2708 ElRawDisk - ok 19:08:10.0024 2708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:08:10.0051 2708 elxstor - ok 19:08:10.0063 2708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 19:08:10.0074 2708 ErrDev - ok 19:08:10.0112 2708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 19:08:10.0126 2708 exfat - ok 19:08:10.0154 2708 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys 19:08:10.0164 2708 FACAP - ok 19:08:10.0192 2708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 19:08:10.0207 2708 fastfat - ok 19:08:10.0220 2708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 19:08:10.0232 2708 fdc - ok 19:08:10.0262 2708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 19:08:10.0276 2708 FileInfo - ok 19:08:10.0298 2708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 19:08:10.0308 2708 Filetrace - ok 19:08:10.0319 2708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 19:08:10.0332 2708 flpydisk - ok 19:08:10.0353 2708 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 19:08:10.0360 2708 FltMgr - ok 19:08:10.0375 2708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 19:08:10.0380 2708 FsDepends - ok 19:08:10.0394 2708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 19:08:10.0409 2708 Fs_Rec - ok 19:08:10.0447 2708 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 19:08:10.0453 2708 fvevol - ok 19:08:10.0466 2708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:08:10.0480 2708 gagp30kx - ok 19:08:10.0516 2708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:08:10.0521 2708 GEARAspiWDM - ok 19:08:10.0544 2708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 19:08:10.0557 2708 hcw85cir - ok 19:08:10.0588 2708 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:08:10.0593 2708 HDAudBus - ok 19:08:10.0633 2708 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 19:08:10.0646 2708 HECIx64 - ok 19:08:10.0654 2708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 19:08:10.0666 2708 HidBatt - ok 19:08:10.0676 2708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 19:08:10.0681 2708 HidBth - ok 19:08:10.0690 2708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 19:08:10.0696 2708 HidIr - ok 19:08:10.0717 2708 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 19:08:10.0722 2708 HidUsb - ok 19:08:10.0740 2708 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 19:08:10.0751 2708 HpSAMD - ok 19:08:10.0781 2708 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 19:08:10.0786 2708 HTTP - ok 19:08:10.0803 2708 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 19:08:10.0804 2708 hwpolicy - ok 19:08:10.0839 2708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 19:08:10.0857 2708 i8042prt - ok 19:08:10.0904 2708 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 19:08:10.0930 2708 iaStorV - ok 19:08:11.0143 2708 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys 19:08:11.0664 2708 igfx - ok 19:08:11.0834 2708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 19:08:11.0855 2708 iirsp - ok 19:08:11.0891 2708 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys 19:08:11.0908 2708 Impcd - ok 19:08:11.0948 2708 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys 19:08:11.0979 2708 IntcDAud - ok 19:08:12.0004 2708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 19:08:12.0020 2708 intelide - ok 19:08:12.0042 2708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 19:08:12.0044 2708 intelppm - ok 19:08:12.0067 2708 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:08:12.0083 2708 IpFilterDriver - ok 19:08:12.0096 2708 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 19:08:12.0108 2708 IPMIDRV - ok 19:08:12.0118 2708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:08:12.0129 2708 IPNAT - ok 19:08:12.0142 2708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:08:12.0151 2708 IRENUM - ok 19:08:12.0161 2708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 19:08:12.0170 2708 isapnp - ok 19:08:12.0195 2708 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 19:08:12.0218 2708 iScsiPrt - ok 19:08:12.0230 2708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 19:08:12.0239 2708 kbdclass - ok 19:08:12.0261 2708 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 19:08:12.0273 2708 kbdhid - ok 19:08:12.0301 2708 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 19:08:12.0309 2708 KSecDD - ok 19:08:12.0350 2708 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 19:08:12.0366 2708 KSecPkg - ok 19:08:12.0388 2708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:08:12.0402 2708 ksthunk - ok 19:08:12.0439 2708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:08:12.0455 2708 lltdio - ok 19:08:12.0490 2708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:08:12.0512 2708 LSI_FC - ok 19:08:12.0522 2708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:08:12.0527 2708 LSI_SAS - ok 19:08:12.0536 2708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:08:12.0551 2708 LSI_SAS2 - ok 19:08:12.0562 2708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:08:12.0567 2708 LSI_SCSI - ok 19:08:12.0584 2708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 19:08:12.0599 2708 luafv - ok 19:08:12.0615 2708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:08:12.0627 2708 megasas - ok 19:08:12.0656 2708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:08:12.0680 2708 MegaSR - ok 19:08:12.0700 2708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:08:12.0707 2708 Modem - ok 19:08:12.0722 2708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 19:08:12.0723 2708 monitor - ok 19:08:12.0763 2708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 19:08:12.0768 2708 mouclass - ok 19:08:12.0781 2708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:08:12.0788 2708 mouhid - ok 19:08:12.0809 2708 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 19:08:12.0810 2708 mountmgr - ok 19:08:12.0820 2708 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 19:08:12.0842 2708 mpio - ok 19:08:12.0877 2708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:08:12.0892 2708 mpsdrv - ok 19:08:12.0905 2708 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 19:08:12.0921 2708 MRxDAV - ok 19:08:12.0965 2708 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:08:12.0981 2708 mrxsmb - ok 19:08:13.0013 2708 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:08:13.0032 2708 mrxsmb10 - ok 19:08:13.0057 2708 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:08:13.0065 2708 mrxsmb20 - ok 19:08:13.0107 2708 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys 19:08:13.0134 2708 msahci - ok 19:08:13.0148 2708 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 19:08:13.0155 2708 msdsm - ok 19:08:13.0199 2708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:08:13.0211 2708 Msfs - ok 19:08:13.0221 2708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:08:13.0226 2708 mshidkmdf - ok 19:08:13.0250 2708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 19:08:13.0254 2708 msisadrv - ok 19:08:13.0282 2708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:08:13.0302 2708 MSKSSRV - ok 19:08:13.0311 2708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 19:08:13.0320 2708 MSPCLOCK - ok 19:08:13.0331 2708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:08:13.0341 2708 MSPQM - ok 19:08:13.0372 2708 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 19:08:13.0384 2708 MsRPC - ok 19:08:13.0402 2708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 19:08:13.0404 2708 mssmbios - ok 19:08:13.0417 2708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 19:08:13.0423 2708 MSTEE - ok 19:08:13.0444 2708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:08:13.0468 2708 MTConfig - ok 19:08:13.0492 2708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:08:13.0505 2708 Mup - ok 19:08:13.0537 2708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:08:13.0545 2708 NativeWifiP - ok 19:08:13.0572 2708 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 19:08:13.0577 2708 NDIS - ok 19:08:13.0595 2708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:08:13.0605 2708 NdisCap - ok 19:08:13.0784 2708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 19:08:13.0801 2708 NdisTapi - ok 19:08:13.0826 2708 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 19:08:13.0832 2708 Ndisuio - ok 19:08:13.0857 2708 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 19:08:13.0872 2708 NdisWan - ok 19:08:13.0893 2708 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 19:08:13.0899 2708 NDProxy - ok 19:08:13.0926 2708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:08:13.0944 2708 NetBIOS - ok 19:08:13.0975 2708 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 19:08:13.0977 2708 NetBT - ok 19:08:14.0186 2708 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys 19:08:14.0383 2708 NETw5s64 - ok 19:08:14.0413 2708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:08:14.0418 2708 nfrd960 - ok 19:08:14.0448 2708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:08:14.0458 2708 Npfs - ok 19:08:14.0486 2708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:08:14.0486 2708 nsiproxy - ok 19:08:14.0561 2708 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 19:08:14.0617 2708 Ntfs - ok 19:08:14.0649 2708 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys 19:08:14.0662 2708 NuidFltr - ok 19:08:14.0683 2708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:08:14.0689 2708 Null - ok 19:08:14.0702 2708 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 19:08:14.0714 2708 nvraid - ok 19:08:14.0730 2708 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 19:08:14.0743 2708 nvstor - ok 19:08:14.0759 2708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 19:08:14.0775 2708 nv_agp - ok 19:08:14.0811 2708 O2MDGRDR (8c2953537ca19dfaa67d612407e0f33e) C:\Windows\system32\DRIVERS\o2mdgx64.sys 19:08:14.0819 2708 O2MDGRDR - ok 19:08:14.0846 2708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 19:08:14.0860 2708 ohci1394 - ok 19:08:14.0884 2708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:08:14.0898 2708 Parport - ok 19:08:14.0918 2708 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 19:08:14.0924 2708 partmgr - ok 19:08:14.0966 2708 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 19:08:14.0986 2708 pci - ok 19:08:15.0008 2708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 19:08:15.0024 2708 pciide - ok 19:08:15.0040 2708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:08:15.0052 2708 pcmcia - ok 19:08:15.0101 2708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:08:15.0111 2708 pcw - ok 19:08:15.0160 2708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:08:15.0176 2708 PEAUTH - ok 19:08:15.0222 2708 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 19:08:15.0236 2708 PptpMiniport - ok 19:08:15.0246 2708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:08:15.0260 2708 Processor - ok 19:08:15.0286 2708 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 19:08:15.0287 2708 Psched - ok 19:08:15.0318 2708 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 19:08:15.0325 2708 PxHlpa64 - ok 19:08:15.0377 2708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:08:15.0425 2708 ql2300 - ok 19:08:15.0438 2708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:08:15.0443 2708 ql40xx - ok 19:08:15.0457 2708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:08:15.0463 2708 QWAVEdrv - ok 19:08:15.0490 2708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:08:15.0509 2708 RasAcd - ok 19:08:15.0527 2708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:08:15.0533 2708 RasAgileVpn - ok 19:08:15.0563 2708 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:08:15.0579 2708 Rasl2tp - ok 19:08:15.0600 2708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:08:15.0613 2708 RasPppoe - ok 19:08:15.0629 2708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:08:15.0642 2708 RasSstp - ok 19:08:15.0668 2708 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 19:08:15.0682 2708 rdbss - ok 19:08:15.0697 2708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:08:15.0705 2708 rdpbus - ok 19:08:15.0727 2708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:08:15.0728 2708 RDPCDD - ok 19:08:15.0748 2708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:08:15.0749 2708 RDPENCDD - ok 19:08:15.0768 2708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:08:15.0769 2708 RDPREFMP - ok 19:08:15.0780 2708 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 19:08:15.0948 2708 RDPWD - ok 19:08:15.0977 2708 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 19:08:15.0990 2708 rdyboost - ok 19:08:16.0030 2708 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 19:08:16.0046 2708 RFCOMM - ok 19:08:16.0102 2708 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys 19:08:16.0110 2708 RsFx0103 - ok 19:08:16.0124 2708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:08:16.0147 2708 rspndr - ok 19:08:16.0176 2708 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys 19:08:16.0187 2708 RTL8167 - ok 19:08:16.0339 2708 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 19:08:16.0344 2708 SASDIFSV - ok 19:08:16.0376 2708 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 19:08:16.0381 2708 SASKUTIL - ok 19:08:16.0427 2708 sbapifs (cd50ffb4c803c06d21ce3569489b7929) C:\Windows\system32\DRIVERS\sbapifs.sys 19:08:16.0441 2708 sbapifs - ok 19:08:16.0458 2708 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 19:08:16.0475 2708 sbp2port - ok 19:08:16.0516 2708 SBRE (2f58125ad1bb90959f9634c7ac36d230) C:\Windows\system32\drivers\SBREdrv.sys 19:08:16.0523 2708 SBRE - ok 19:08:16.0574 2708 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys 19:08:16.0587 2708 SbTis - ok 19:08:16.0614 2708 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 19:08:16.0634 2708 scfilter - ok 19:08:16.0669 2708 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys 19:08:16.0849 2708 sdbus - ok 19:08:16.0893 2708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:08:16.0907 2708 secdrv - ok 19:08:16.0933 2708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:08:16.0940 2708 Serenum - ok 19:08:16.0950 2708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:08:16.0954 2708 Serial - ok 19:08:16.0963 2708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:08:16.0982 2708 sermouse - ok 19:08:17.0002 2708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 19:08:17.0012 2708 sffdisk - ok 19:08:17.0026 2708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 19:08:17.0030 2708 sffp_mmc - ok 19:08:17.0039 2708 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 19:08:17.0042 2708 sffp_sd - ok 19:08:17.0051 2708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:08:17.0059 2708 sfloppy - ok 19:08:17.0082 2708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:08:17.0090 2708 SiSRaid2 - ok 19:08:17.0099 2708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:08:17.0111 2708 SiSRaid4 - ok 19:08:17.0138 2708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:08:17.0152 2708 Smb - ok 19:08:17.0192 2708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:08:17.0197 2708 spldr - ok 19:08:17.0256 2708 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 19:08:17.0270 2708 srv - ok 19:08:17.0310 2708 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 19:08:17.0326 2708 srv2 - ok 19:08:17.0372 2708 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 19:08:17.0384 2708 srvnet - ok 19:08:17.0407 2708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:08:17.0411 2708 stexstor - ok 19:08:17.0439 2708 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys 19:08:17.0463 2708 STHDA - ok 19:08:17.0479 2708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 19:08:17.0485 2708 swenum - ok 19:08:17.0530 2708 SynTP (39d4b4343ba70e4b32c4531bd075b9f6) C:\Windows\system32\DRIVERS\SynTP.sys 19:08:17.0566 2708 SynTP - ok 19:08:17.0646 2708 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 19:08:17.0768 2708 Tcpip - ok 19:08:17.0808 2708 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 19:08:17.0826 2708 TCPIP6 - ok 19:08:17.0846 2708 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 19:08:17.0861 2708 tcpipreg - ok 19:08:17.0873 2708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:08:17.0877 2708 TDPIPE - ok 19:08:17.0887 2708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 19:08:17.0899 2708 TDTCP - ok 19:08:17.0915 2708 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 19:08:17.0930 2708 tdx - ok 19:08:17.0948 2708 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 19:08:18.0126 2708 TermDD - ok 19:08:18.0188 2708 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:08:18.0203 2708 tssecsrv - ok 19:08:18.0222 2708 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 19:08:18.0234 2708 tunnel - ok 19:08:18.0257 2708 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys 19:08:18.0684 2708 TurboB - ok 19:08:18.0695 2708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 19:08:18.0699 2708 uagp35 - ok 19:08:18.0729 2708 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys 19:08:18.0953 2708 udfs - ok 19:08:18.0969 2708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 19:08:19.0002 2708 uliagpkx - ok 19:08:19.0023 2708 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 19:08:19.0037 2708 umbus - ok 19:08:19.0048 2708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:08:19.0056 2708 UmPass - ok 19:08:19.0093 2708 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 19:08:19.0110 2708 usbaudio - ok 19:08:19.0149 2708 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 19:08:19.0166 2708 usbccgp - ok 19:08:19.0190 2708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 19:08:19.0197 2708 usbcir - ok 19:08:19.0223 2708 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys 19:08:19.0229 2708 usbehci - ok 19:08:19.0265 2708 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 19:08:19.0285 2708 usbhub - ok 19:08:19.0312 2708 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys 19:08:19.0319 2708 usbohci - ok 19:08:19.0333 2708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:08:19.0347 2708 usbprint - ok 19:08:19.0373 2708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 19:08:19.0390 2708 usbscan - ok 19:08:19.0417 2708 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:08:19.0437 2708 USBSTOR - ok 19:08:19.0450 2708 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys 19:08:19.0464 2708 usbuhci - ok 19:08:19.0496 2708 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 19:08:19.0513 2708 usbvideo - ok 19:08:19.0571 2708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 19:08:19.0575 2708 vdrvroot - ok 19:08:19.0587 2708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:08:19.0599 2708 vga - ok 19:08:19.0614 2708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:08:19.0617 2708 VgaSave - ok 19:08:19.0629 2708 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 19:08:19.0643 2708 vhdmp - ok 19:08:19.0653 2708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 19:08:19.0665 2708 viaide - ok 19:08:19.0684 2708 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 19:08:19.0699 2708 volmgr - ok 19:08:19.0725 2708 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 19:08:19.0727 2708 volmgrx - ok 19:08:19.0751 2708 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 19:08:19.0762 2708 volsnap - ok 19:08:19.0775 2708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 19:08:19.0783 2708 vsmraid - ok 19:08:19.0805 2708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:08:19.0817 2708 vwifibus - ok 19:08:19.0841 2708 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:08:19.0847 2708 vwififlt - ok 19:08:19.0868 2708 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 19:08:19.0869 2708 vwifimp - ok 19:08:19.0887 2708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 19:08:19.0892 2708 WacomPen - ok 19:08:19.0911 2708 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 19:08:19.0924 2708 WANARP - ok 19:08:19.0928 2708 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 19:08:19.0932 2708 Wanarpv6 - ok 19:08:19.0953 2708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 19:08:19.0961 2708 Wd - ok 19:08:19.0989 2708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:08:20.0016 2708 Wdf01000 - ok 19:08:20.0053 2708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:08:20.0058 2708 WfpLwf - ok 19:08:20.0080 2708 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 19:08:20.0102 2708 WimFltr - ok 19:08:20.0126 2708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:08:20.0305 2708 WIMMount - ok 19:08:20.0366 2708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 19:08:20.0368 2708 WmiAcpi - ok 19:08:20.0401 2708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:08:20.0420 2708 ws2ifsl - ok 19:08:20.0484 2708 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys 19:08:20.0707 2708 WudfPf - ok 19:08:20.0747 2708 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:08:20.0946 2708 WUDFRd - ok 19:08:20.0974 2708 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 19:08:20.0987 2708 \Device\Harddisk0\DR0 - ok 19:08:20.0991 2708 Boot (0x1200) (47a2b6601a482770db82e6c7c1fb0314) \Device\Harddisk0\DR0\Partition0 19:08:20.0992 2708 \Device\Harddisk0\DR0\Partition0 - ok 19:08:21.0004 2708 Boot (0x1200) (6a6b0afbb8807427dc183bf4c2febbff) \Device\Harddisk0\DR0\Partition1 19:08:21.0005 2708 \Device\Harddisk0\DR0\Partition1 - ok 19:08:21.0006 2708 ============================================================ 19:08:21.0006 2708 Scan finished 19:08:21.0006 2708 ============================================================ 19:08:21.0115 1092 Detected object count: 0 19:08:21.0115 1092 Actual detected object count: 0 Results of screen317's Security Check version 0.99.26 Windows 7 x64 (UAC is disabled!) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! VIPRE Antivirus iolo technologies' System Mechanic WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 22 Out of date Java installed! Mozilla Firefox (8.0.) ```````````````````````````````` Process Check: objlist.exe by Laurent iolo Common Lib ioloServiceManager.exe ``````````End of Log```````````` I was getting unknown music and search hijacks before running the above. So symptoms as we speak. JV
  9. bigakita
    Thanks for your help D-FRED-BROWN ComboFix 11-11-14.03 - John 11/14/2011 19:34:21.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1681 [GMT -8:00] Running from: c:\users\John\Desktop\ComboFix.exe AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81} SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 ))))))))))))))))))))))))))))))) . . 2011-11-15 04:06 . 2011-11-15 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio 2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai 2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut 2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut 2011-11-09 04:23 . 2011-11-12 22:17 -------- d-----w- c:\programdata\Kaspersky Lab 2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll 2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2 2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd 2011-10-22 01:05 . 2011-10-22 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-10-22 01:04 . 2011-10-22 01:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-10-22 01:04 . 2011-10-22 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1 2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-12 00:37 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe 2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe 2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys 2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys 2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-08-17 05:32 . 2011-10-12 05:51 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-08-17 05:27 . 2011-10-12 05:51 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-08-17 05:27 . 2011-10-12 05:51 75776 ----a-w- c:\windows\system32\MSDvbNP.ax 2011-08-17 05:27 . 2011-10-12 05:51 288256 ----a-w- c:\windows\system32\MSNP.ax 2011-08-17 05:27 . 2011-10-12 05:51 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax 2011-08-17 04:26 . 2011-10-12 05:51 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-08-17 04:22 . 2011-10-12 05:51 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-08-17 04:22 . 2011-10-12 05:51 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax 2011-08-17 04:22 . 2011-10-12 05:51 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax 2011-08-17 04:22 . 2011-10-12 05:51 204288 ----a-w- c:\windows\SysWow64\MSNP.ax . . ((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-11-15 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-11-15 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-11-15 01:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2011-11-15 01:01 38372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi + 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-15 00:59 . 2011-11-15 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-11-15 00:59 . 2011-11-15 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-07-01 05:57 . 2011-11-14 17:33 347196 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-15 01:05 727974 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-15 01:05 147114 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-11-15 00:57 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-10 22:49 . 2011-11-15 00:57 3543172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat - 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-11-15 01:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376] "Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608] "Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736] "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136] "FAStartup"="" [bU] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384] S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616] S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328] S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824] S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752] S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x] S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 97033634 *Deregistered* - 97033634 . Contents of the 'Scheduled Tasks' folder . 2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928] "lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728] "EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com/ uInternet Settings,ProxyServer = 171.66.3.181:3128 uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - prefs.js: network.proxy.http - 211.222.202.109 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.ssl - 72.44.82.146 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-11-14 20:26:07 ComboFix-quarantined-files.txt 2011-11-15 04:26 ComboFix2.txt 2011-11-13 07:33 ComboFix3.txt 2011-11-11 21:16 ComboFix4.txt 2011-11-09 17:01 . Pre-Run: 231,975,989,248 bytes free Post-Run: 231,599,415,296 bytes free . - - End Of File - - FC65B9BF594F05D46C01605CEAA82FD1
  10. bigakita
    Need help from an Expert. I had a bug that hid my programs and tried to make me buy their clean up program. Part of the problem has been removed but I'm still getting redirects, popups and occasional internet radio. thanks, John . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 6/30/2010 10:10:58 AM System Uptime: 11/11/2011 10:03:07 AM (8 hours ago) . Motherboard: Dell Inc. | | 029DYC Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 929/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 283 GiB total, 218.912 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: facap, FastAccess Video Capture Device ID: ROOT\IMAGE\0000 Manufacturer: Sensible Vision Name: facap, FastAccess Video Capture PNP Device ID: ROOT\IMAGE\0000 Service: FACAP . ==== System Restore Points =================== . RP132: 11/7/2011 3:54:38 PM - Scheduled Checkpoint RP133: 11/9/2011 7:38:50 AM - ComboFix created restore point RP134: 11/11/2011 12:19:07 PM - ComboFix created restore point . ==== Installed Programs ====================== . 7-Zip 4.65 aaa ABBYY FineReader 6.0 Sprint Adobe AIR Adobe Reader 9.2 Adobe Shockwave Player 11.5 Advanced Audio FX Engine Apple Application Support Apple Software Update Auto Traffic Xploit Keyword Tool Automotix (remove only) Bing Bar CherryPicker CoffeeCup Free HTML Editor Compatibility Pack for the 2007 Office system Content Notifier Core FTP LE D3DX10 Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Support Center (Support Software) Dell Webcam Central DHTML Editing Component Directory Submitter 1.0.29 Domain Name Dominator Domain Samurai Elite Proxy Switcher 1.10 Facebook iframe Made EZ Fast Content Producer Fences FileZilla Client 3.5.2 Google Chrome Google Instant Scraper version 1.2 Google Maps Scraper - Demo GoToAssist 8.0.0.514 GoToMeeting 5.0.0.799 Hot Item Finder HTML Executable Instant Blog Feeder Demo v2.01 InstantBannerPRO v2.01 Intel® Graphics Media Accelerator Driver iolo technologies' System Mechanic Java Auto Updater Java 6 Update 22 Jing Junk Mail filter update Kcast for Windows 7 Keyword Blueprint 2 Keyword Swarm Live! Cam Avatar Creator LoJack Factory Installer Malwarebytes' Anti-Malware version 1.51.2.1300 Market Samurai MassArticleCreator MassArticleSubmitter Memeo AutoSync Memeo Instant Backup Memeo Send Memeo Share Micro Niche Finder 5.0 Microsoft adCenter Desktop Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Browser Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Works Mozilla Firefox 8.0 (x86 en-US) MPT Domain Tool 1.0 MPT Keyword Tool 1.0 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OpenOffice.org 3.3 PowerDVD DX PromoSoft 1.81 Proxy Scraper QuickTime Roxio Burn Seagate Dashboard Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft Excel 2010 (KB2553070) Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2584066) Security Update for Microsoft PowerPoint 2010 (KB2519975) Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Word 2010 (KB2345000) SEO Link Robot SEO SpyGlass SEO TrackBacks Suite Setup1 Sick Submitter Skype Click to Call Skype™ 5.5 SocialBot Speed Typing Spelling Dictionaries Support For Adobe Reader 9 Spin Writer Pro version 1.6 Submitter TextPad 5 TheBestSpinner TimeLeft Traffic Equalizer Ultimate Diamond Backlinks Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2523113) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft OneNote 2010 (KB2493983) Update for Microsoft Outlook Social Connector (KB2583935) VIPRE Antivirus Viral Article Publisher Web CEO 8.1 WEB20Bot Website Indexer WildTangent Games Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wondershare PPT2Video Pro 6.1.10 Word Wizard Xara Xtreme 5 Xara Xtreme Pro 5 XHeader XMind Your Local Shortcut . ==== Event Viewer Messages From Past Week ======== . 11/8/2011 9:53:40 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting. 11/8/2011 10:20:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/8/2011 10:20:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 11/6/2011 6:30:46 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 11/6/2011 2:20:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 11/11/2011 6:23:21 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. 11/11/2011 12:57:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 11/11/2011 12:54:05 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 11/11/2011 10:07:02 AM, Error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: Access is denied. 11/10/2011 7:12:51 AM, Error: Service Control Manager [7034] - The lxeb_device service terminated unexpectedly. It has done this 1 time(s). 11/10/2011 4:54:34 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the SftService service. 11/10/2011 1:59:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/10/2011 1:59:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/10/2011 1:59:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/10/2011 1:59:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/10/2011 1:59:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 11/10/2011 1:59:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElRawDisk spldr Wanarpv6 11/10/2011 1:22:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 11/10/2011 1:08:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22 Run by John at 18:32:34 on 2011-11-11 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1344 [GMT -8:00] . AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe C:\Windows\system32\lxebcoms.exe C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe c:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe C:\Windows\system32\DRIVERS\o2flash.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe C:\Program Files (x86)\TechSmith\Jing\Jing.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://google.com/ uInternet Settings,ProxyServer = 171.66.3.181:3128 uInternet Settings,ProxyOverride = <local>;*.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [speed Typing] "C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe" uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" mRun: [FAStartup] mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TimeLeft.lnk - C:\Program Files (x86)\TimeLeft3\TimeLeft.exe StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\John\AppData\Local\Temp\_uninst_.bat mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\5534448435D27455543545 : DhcpNameServer = 68.87.76.182 68.87.78.134 8.8.8.8 TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\564646F6E6E616 : DhcpNameServer = 192.168.1.2 68.94.156.1 68.94.157.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll BHO-X64: FAIESSO Helper Object - No File BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" mRun-x64: [FAStartup] mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - prefs.js: network.proxy.http - 211.222.202.109 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.ssl - 72.44.82.146 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?] R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-8-29 101720] R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-30 89600] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-22 2409800] R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-8-25 722616] R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?] R2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-5-9 45736] R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824] R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752] R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-9-6 2804280] R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?] R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-9-6 181584] R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-20 1692480] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560] S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 61976] S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?] S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880] . =============== File Associations =============== . JSEFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 2011-11-11 23:22:38 -------- d-sh--w- C:\$RECYCLE.BIN 2011-11-11 21:32:56 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-11-11 20:17:06 -------- d-----w- C:\ComboFix 2011-11-10 01:29:35 -------- d-----w- C:\Users\John\AppData\Roaming\YourLocalShorcut 2011-11-10 01:29:30 -------- d-----w- C:\Program Files (x86)\ Your Local Shortcut 2011-11-09 15:38:13 98816 ----a-w- C:\Windows\sed.exe 2011-11-09 15:38:13 518144 ----a-w- C:\Windows\SWREG.exe 2011-11-09 15:38:13 256000 ----a-w- C:\Windows\PEV.exe 2011-11-09 15:38:13 208896 ----a-w- C:\Windows\MBR.exe 2011-11-09 04:23:51 -------- d-----w- C:\ProgramData\Kaspersky Lab 2011-11-04 20:46:04 -------- d-----w- C:\Program Files (x86)\Market Samurai 2011-10-28 04:38:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2011-10-28 04:38:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2011-10-28 04:38:08 144384 ----a-w- C:\Windows\System32\cdd.dll 2011-10-25 18:38:07 -------- d-----w- C:\Program Files (x86)\KeywordBlueprint2 2011-10-24 02:23:53 -------- d-----w- C:\Program Files (x86)\Aruhat Technologies Pvt. Ltd 2011-10-22 01:05:11 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-10-22 01:04:48 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-10-22 01:04:19 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-10-21 19:34:27 -------- d-----w- C:\Users\John\AppData\Local\{2865715D-57F6-4183-B334-D5D5F0DCC203} 2011-10-21 19:34:15 -------- d-----w- C:\Users\John\AppData\Local\{B9AAC002-5CE9-4226-81BA-E62FCBA3D5E3} 2011-10-19 16:50:17 -------- d-----w- C:\Users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1 2011-10-14 14:40:33 -------- d-----w- C:\Users\John\AppData\Local\{62C2AE11-9588-4AB3-9A6F-FE6F66095388} 2011-10-14 13:23:24 -------- d-----w- C:\Users\John\AppData\Local\{2D588960-01EB-4D40-8DA7-035C971A51E6} 2011-10-14 13:22:08 -------- d-----w- C:\Users\John\AppData\Local\{B53D1843-D3DF-45B0-852A-EDC4214FF009} 2011-10-14 13:21:56 -------- d-----w- C:\Users\John\AppData\Local\{4C6DD6EB-B4AB-4F69-902F-F716F600B91B} 2011-10-14 07:09:56 -------- d-----w- C:\Users\John\AppData\Local\{4DB9D253-8ED7-4FE4-A69B-7DC00E3B8DAE} . ==================== Find3M ==================== . 2011-10-28 04:18:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-06 19:30:48 45904 ----a-w- C:\Windows\SysWow64\sbbd.exe 2011-09-06 19:30:48 45904 ----a-w- C:\Windows\System32\sbbd.exe 2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys 2011-08-30 00:36:34 71256 ----a-w- C:\Windows\System32\drivers\sbapifs.sys 2011-08-30 00:36:34 55384 ----a-w- C:\Windows\System32\drivers\sbredrv.sys 2011-08-30 00:36:34 101720 ----a-w- C:\Windows\SysWow64\drivers\SBREDrv.sys 2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll 2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax 2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax 2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax 2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax 2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax 2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax . ============= FINISH: 18:40:55.47 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.