bigakita
Posts posted by bigakita
-
Hello D-Fred,
Tried multiple times running the Kaspersky Disc. After loading on the last attempt the screen went blank for 30+ minutes before I ejected it. Let me know if this is normal and I'll give it another shot.
thanks,
JV
-
Here's the page URL
Antivirus Version Last Update Result
AhnLab-V3 2011.11.16.00 2011.11.16 Trojan/Win32.VBKrypt
AntiVir 7.11.17.203 2011.11.16 -
Antiy-AVL 2.0.3.7 2011.11.16 -
Avast 6.0.1289.0 2011.11.16 -
AVG 10.0.0.1190 2011.11.16 -
BitDefender 7.2 2011.11.16 Gen:Variant.Graftor.1148
ByteHero 1.0.0.1 2011.11.14 -
ClamAV 0.97.3.0 2011.11.16 -
Commtouch 5.3.2.6 2011.11.16 -
Comodo 10778 2011.11.14 -
DrWeb 5.0.2.03300 2011.11.16 -
Emsisoft 5.1.0.11 2011.11.16 -
eSafe 7.0.17.0 2011.11.16 -
eTrust-Vet 37.0.9569 2011.11.16 -
F-Prot 4.6.5.141 2011.11.16 -
F-Secure 9.0.16440.0 2011.11.16 Gen:Variant.Graftor.1148
Fortinet 4.3.370.0 2011.11.16 -
GData 22 2011.11.16 Gen:Variant.Graftor.1148
Ikarus T3.1.1.109.0 2011.11.16 -
Jiangmin 13.0.900 2011.11.16 -
K7AntiVirus 9.119.5474 2011.11.16 -
Kaspersky 9.0.0.837 2011.11.16 -
McAfee 5.400.0.1158 2011.11.16 -
McAfee-GW-Edition 2010.1D 2011.11.16 -
Microsoft 1.7801 2011.11.16 -
NOD32 6636 2011.11.16 -
Norman 6.07.13 2011.11.16 -
nProtect 2011-11-16.01 2011.11.16 Gen:Variant.Graftor.1148
Panda 10.0.3.5 2011.11.16 -
PCTools 8.0.0.5 2011.11.16 -
Prevx 3.0 2011.11.17 -
Rising 23.84.02.02 2011.11.16 -
Sophos 4.71.0 2011.11.16 -
SUPERAntiSpyware 4.40.0.1006 2011.11.16 -
Symantec 20111.2.0.82 2011.11.16 -
TheHacker 6.7.0.1.343 2011.11.16 -
TrendMicro 9.500.0.1008 2011.11.16 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.16 -
VBA32 3.12.16.4 2011.11.15 -
VIPRE 11062 2011.11.16 -
ViRobot 2011.11.16.4776 2011.11.16 -
VirusBuster 14.1.66.1 2011.11.16 -
Additional information
MD5 : 4109ba339dc84ed593bdd243fee3b9ec
SHA1 : d072b3aa139f34409491dbc92b8b42873679d3fe
SHA256: c256ee5580386b2a72112bd1b70cd95806f04e408402506353bc616181dd0fec
ssdeep: 6144:IX82cOnzNAkQmCtLe9+OGiTvNq05GSYT6m1Az/Hr3o3x0qPjTuAX+FxdPWQ/NiW:wdfn5AHDti+XiTvNq0GxA2jTuAuFtn
File size : 442368 bytes
First seen: 2011-11-17 03:25:35
Last seen : 2011-11-17 03:25:35
Magic: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Durham Addressograph
copyright....: Louise Rankin Bingham Canterbu Mongolia Nelson Frisian Laguerre
product......: Tokyo Cunningham CeciliaDuffySelena Naomi SteinbergMcLeanMao
description..: MuensterHimalaya Matthew MysoreKathy AmadeusHoyt
original name: qqb.exe
internal name: qqb
file version.: 5.06.0005
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1478
timedatestamp....: 0x4EC400C1 (Wed Nov 16 18:28:17 2011)
machinetype......: 0x14C (Intel I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x68058, 0x69000, 7.9, 49be0b7f8d285b1d14dea0d64d5ff657
.data, 0x6A000, 0xDAC, 0x1000, 0.0, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x6B000, 0x5D0, 0x1000, 1.39, 2cf0707697998edc3249bda08c0872d8
[[ 1 import(s) ]]
msvbvm60.dll: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, -, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaRefVarAry, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, DllFunctionCall, __vbaFpUI1, __vbaRedimPreserve, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, -, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaAryCopy, -, __vbaStrVarCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaFreeObj, __vbaI4ErrVar
Androguard:
-
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 430080
CompanyName: Durham Addressograph
EntryPoint: 0x1478
FileDescription: MuensterHimalaya Matthew MysoreKathy AmadeusHoyt
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 432 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.06.0005
FileVersionNumber: 5.6.0.5
ImageVersion: 5.6
InitializedDataSize: 8192
InternalName: qqb
LanguageCode: English (U.S.)
LegalCopyright: Louise Rankin Bingham Canterbu Mongolia Nelson Frisian Laguerre
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: qqb.exe
PEType: PE32
ProductName: Tokyo Cunningham CeciliaDuffySelena Naomi SteinbergMcLeanMao
ProductVersion: 5.06.0005
ProductVersionNumber: 5.6.0.5
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:11:16 19:28:17+01:00
UninitializedDataSize: 0
-
[ArcaVir]
2011-11-17 Found nothing
[Frisk F-Prot Antivirus]
2011-11-16 Found nothing
[Avast! antivirus]
2011-11-16 Found nothing
[F-Secure Anti-Virus]
2011-11-16 Gen:Variant.Graftor.1148
[Grisoft AVG Anti-Virus]
2011-11-16 Found nothing
[ikarus]
2011-11-17 Win32.SuspectCrc
[Avira AntiVir]
2011-11-16 Found nothing
[Kaspersky Anti-Virus]
2011-11-17 Found nothing
[softwin BitDefender]
2011-11-16 Gen:Variant.Graftor.1148
[Panda Antivirus]
2011-11-16 Found nothing
[ClamAV]
2011-11-17 Found nothing
[Quick Heal]
2011-11-16 Found nothing
[CPsecure]
2011-11-17 Found nothing
[sophos]
2011-11-17 Found nothing
[Dr.Web]
2011-11-17 Found nothing
[VirusBlokAda VBA32]
2011-11-15 Found nothing
[Emsisoft Anti-Malware]
2011-11-17 Win32.SuspectCrc!IK
[VirusBuster]
2011-11-16 Found nothing
[ESET]
2011-11-16 Found nothing
-
Still getting the occasional redirect.
ComboFix 11-11-16.02 - John 11/16/2011 16:28:12.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.984 [GMT -8:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CE870
c:\program files (x86)\CE870\lvvm.exe
c:\users\John\AppData\Roaming\FA6CE
c:\users\John\AppData\Roaming\Google\{0B8D6FDE-D846-4DFD-A423-3F3D1E4BAA0A}\LicenseValidator.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 01:02 . 2011-11-17 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 23:51 . 2011-11-16 23:51 1117 ----a-w- c:\windows\~clD12D.tmp
2011-11-16 22:47 . 2011-11-16 22:47 442368 --sh--w- c:\program files (x86)\Common Files\mhik.exe
2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio
2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai
2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut
2011-11-09 04:23 . 2011-11-16 04:39 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll
2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2
2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05 . 2011-11-16 01:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04 . 2011-11-16 01:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04 . 2011-11-16 01:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 01:30 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe
2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys
2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-16 22:47 . 2011-11-16 22:47 49129 c:\windows\SysWOW64\winlog.dat
+ 2009-07-14 04:54 . 2011-11-16 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 23:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-17 01:07 38812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-04 07:13 . 2011-11-17 01:07 17968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin
+ 2010-06-30 17:11 . 2011-11-16 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-30 17:11 . 2011-11-11 23:56 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-30 17:11 . 2011-11-11 23:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-30 17:11 . 2011-11-16 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-16 21:08 . 2011-11-16 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011111620111117\index.dat
+ 2009-07-14 04:54 . 2011-11-16 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-16 21:08 . 2011-11-16 21:08 49120 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi
+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-17 01:05 . 2011-11-17 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-17 01:05 . 2011-11-17 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-01 05:57 . 2011-11-16 22:29 347908 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat
- 2011-08-27 23:51 . 2011-11-09 03:02 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-27 23:51 . 2011-11-16 14:12 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-17 01:04 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-10 22:49 . 2011-11-17 01:04 5265292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat
- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-16 23:40 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
"cftmon"="c:\program files (x86)\Common Files\mhik.exe" [2011-11-16 442368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]
"FAStartup"="" [bU]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]
_uninst_42015122.lnk - c:\users\John\AppData\Local\Temp\_uninst_42015122.bat [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:50242
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50242
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KeApplet - c:\users\John\AppData\Roaming\Google\{0B8D6FDE-D846-4DFD-A423-3F3D1E4BAA0A}\LicenseValidator.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Microsoft\BingBar\BingBar.exe
c:\program files (x86)\Microsoft\BingBar\BingApp.exe
.
**************************************************************************
.
Completion time: 2011-11-16 17:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-17 01:26
ComboFix2.txt 2011-11-16 16:09
ComboFix3.txt 2011-11-16 01:09
ComboFix4.txt 2011-11-15 04:26
ComboFix5.txt 2011-11-17 00:20
.
Pre-Run: 226,818,342,912 bytes free
Post-Run: 229,659,213,824 bytes free
.
- - End Of File - - 452AEE5B867A26CAA83CCBF401FA53DC
-
Hello,
I recognize the programs. Could not get ESET to run.
Still getting hijacked in both IE and Firefox.
thanks,
JV
ComboFix 11-11-15.06 - John 11/16/2011 6:58.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2144 [GMT -8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\227F\464.tmp
c:\program files (x86)\LP\227F\5169.tmp
c:\program files (x86)\LP\227F\6C87.tmp
c:\program files (x86)\LP\227F\77FE.tmp
c:\program files (x86)\LP\227F\92A1.tmp
c:\program files (x86)\LP\227F\F826.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 15:33 . 2011-11-16 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 01:12 . 2011-11-16 14:15 -------- d-----w- c:\program files (x86)\CE870
2011-11-16 01:12 . 2011-11-16 01:12 -------- d-----w- c:\users\John\AppData\Roaming\FA6CE
2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio
2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai
2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut
2011-11-09 04:23 . 2011-11-16 04:39 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll
2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2
2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05 . 2011-11-16 01:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04 . 2011-11-16 01:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04 . 2011-11-16 01:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 01:30 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe
2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys
2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-16 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 15:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-16 14:19 38570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-04 07:13 . 2011-11-16 00:50 17552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin
+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi
+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 15:36 . 2011-11-16 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 15:36 . 2011-11-16 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-01 05:57 . 2011-11-15 12:54 347668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat
- 2011-08-27 23:51 . 2011-11-09 03:02 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-27 23:51 . 2011-11-16 14:12 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-11-16 15:35 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-10 22:49 . 2011-11-16 15:35 5118852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat
- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-16 15:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]
"FAStartup"="" [bU]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]
_uninst_42015122.lnk - c:\users\John\AppData\Local\Temp\_uninst_42015122.bat [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:50242
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57050
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Microsoft\BingBar\BingBar.exe
c:\program files (x86)\Microsoft\BingBar\BingApp.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe
.
**************************************************************************
.
Completion time: 2011-11-16 08:09:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 16:08
ComboFix2.txt 2011-11-16 01:09
ComboFix3.txt 2011-11-15 04:26
ComboFix4.txt 2011-11-13 07:33
ComboFix5.txt 2011-11-16 14:50
.
Pre-Run: 230,661,746,688 bytes free
Post-Run: 230,775,173,120 bytes free
.
- - End Of File - - DEA3A5B74D51393E2F8803CA8220611C
Status: Deleted (events: 34)
11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{18034DC4-1A6D-4B18-A10D-FA445E0A8064}_ENC2 High
11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{18034DC4-1A6D-4B18-A10D-FA445E0A8064}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{15B19923-CC84-4FB2-A452-3980F93B1061}_ENC2 High
11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{15B19923-CC84-4FB2-A452-3980F93B1061}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{20D2A4F2-A097-434D-9D6C-D73A93829B51}_ENC2 High
11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{20D2A4F2-A097-434D-9D6C-D73A93829B51}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{21ED7D59-E947-4EA2-863C-ECA945C0129B}_ENC2 High
11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{21ED7D59-E947-4EA2-863C-ECA945C0129B}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:06 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{2A6E8C3D-0F80-4271-89C7-C8F5FC72A723}_ENC2 High
11/15/2011 9:03:06 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{2A6E8C3D-0F80-4271-89C7-C8F5FC72A723}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:08 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{363EBE25-DA9F-4AFD-B0D0-81DF9E729142}_ENC2 High
11/15/2011 9:03:08 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{363EBE25-DA9F-4AFD-B0D0-81DF9E729142}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:13 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{3FE6B6D0-A0D4-4681-B975-64FA365D1AE9}_ENC2 High
11/15/2011 9:03:13 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{3FE6B6D0-A0D4-4681-B975-64FA365D1AE9}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:22 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{7ACDC400-3731-42F7-99C5-41122749B3BD}_ENC2 High
11/15/2011 9:03:18 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{A73A933C-A5EA-4994-AE64-261D7E62126E}_ENC2 High
11/15/2011 9:03:18 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{A73A933C-A5EA-4994-AE64-261D7E62126E}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:09:21 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-1ba2c8d1 High
11/15/2011 9:09:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-4cbf6e44 High
11/15/2011 9:09:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-4de7a1c1 High
11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-58ab123e High
11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-704024e0 High
11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-72112017 High
11/15/2011 9:09:43 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsl C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\592c988d-390cff99 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-355d4be3 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-3d9f5d02 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-4c73f2ac High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5dffa626 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5ec67f94 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-668b1e2a High
11/15/2011 9:09:52 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-1b963022 High
11/15/2011 9:09:52 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-435d9649 High
11/16/2011 6:23:45 AM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsv C:\Program Files (x86)\CE870\lvvm.exe High
11/16/2011 6:23:45 AM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsl C:\Program Files (x86)\LP\227F\619.exe High
Status: Absent (events: 2)
11/15/2011 9:04:03 PM Not found Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{7ACDC400-3731-42F7-99C5-41122749B3BD}_ENC2//PE-Crypt.XorPE High
11/16/2011 6:24:03 AM Not found Trojan program Trojan.Win32.Jorik.Downloader.lw C:\Program Files (x86)\LP\227F\704F.tmp High
Status: Disinfected (events: 18)
11/15/2011 9:09:26 PM Disinfected Trojan program Exploit.Java.CVE-2010-0842.o C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5767c64c-12ba39e9 High
11/15/2011 9:09:26 PM Disinfected Trojan program Exploit.Java.CVE-2010-0842.o C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5767c64c-12ba39e9/a.class High
11/15/2011 9:09:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3d237503-4b0d3fbf High
11/15/2011 9:09:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3d237503-4b0d3fbf/bingo/nikon.class High
11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cu C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2dc5a3ae-72a6ec46 High
11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cu C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2dc5a3ae-72a6ec46/folder/Glocker.class High
11/15/2011 9:09:52 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5a220905-53ddb49f High
11/15/2011 9:09:52 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5a220905-53ddb49f/bingo/nikon.class High
11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\17390232-31e5b1b8 High
11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\17390232-31e5b1b8/Start.class High
11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1fd93878-3d1b420a High
11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1fd93878-3d1b420a/bingo/nikon.class High
11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5ffcab9-41b244c1 High
11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5ffcab9-41b244c1/Start.class High
11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.en C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\485c8386-5d59f05d High
11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.en C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\485c8386-5d59f05d/json/Parser.class High
11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5fe2eefe-6a5b7262 High
11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5fe2eefe-6a5b7262/Start.class High
Status: Vulnerability (events: 3)
11/15/2011 10:46:18 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46512 C:\Program Files\Java\jre6\bin\java.exe Low
11/15/2011 10:52:00 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46512 C:\Program Files (x86)\Java\jre6\bin\java.exe Low
11/16/2011 6:00:35 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/46339 c:\Program Files (x86)\iTunes\iTunes.exe Low
-
Google searches are still getting redirected.
ComboFix 11-11-15.06 - John 11/15/2011 16:12:54.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2218 [GMT -8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\97033634.sys"
"c:\windows\SYSWOW64\drivers\97033634.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_97033634
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 00:44 . 2011-11-16 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio
2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai
2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut
2011-11-09 04:23 . 2011-11-12 22:17 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll
2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2
2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05 . 2011-10-22 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04 . 2011-10-22 01:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04 . 2011-10-22 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-12 00:37 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe
2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys
2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-16 00:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 00:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 00:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-16 00:50 38468 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-04 07:13 . 2011-11-16 00:50 17552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin
+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi
+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 00:47 . 2011-11-16 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 00:47 . 2011-11-16 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-01 05:57 . 2011-11-15 12:54 347668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-16 00:46 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-10 22:49 . 2011-11-16 00:47 3979152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat
- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-15 13:17 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]
"FAStartup"="" [bU]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]
"combofix"="c:\combofix\CF22415.3XE" [2009-07-14 344576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 171.66.3.181:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 211.222.202.109
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Microsoft\BingBar\BingBar.exe
c:\program files (x86)\Microsoft\BingBar\BingApp.exe
.
**************************************************************************
.
Completion time: 2011-11-15 17:09:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 01:09
ComboFix2.txt 2011-11-15 04:26
ComboFix3.txt 2011-11-13 07:33
ComboFix4.txt 2011-11-11 21:16
ComboFix5.txt 2011-11-16 00:05
.
Pre-Run: 231,265,148,928 bytes free
Post-Run: 231,351,111,680 bytes free
.
- - End Of File - - CF5F74289D0EEBC88E85D50272F0C2B7
-
19:07:36.0171 7012 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
19:07:36.0507 7012 ============================================================
19:07:36.0507 7012 Current date / time: 2011/11/14 19:07:36.0507
19:07:36.0507 7012 SystemInfo:
19:07:36.0507 7012
19:07:36.0507 7012 OS Version: 6.1.7600 ServicePack: 0.0
19:07:36.0507 7012 Product type: Workstation
19:07:36.0508 7012 ComputerName: JOHN-PC
19:07:36.0508 7012 UserName: John
19:07:36.0508 7012 Windows directory: C:\Windows
19:07:36.0508 7012 System windows directory: C:\Windows
19:07:36.0508 7012 Running under WOW64
19:07:36.0508 7012 Processor architecture: Intel x64
19:07:36.0508 7012 Number of processors: 4
19:07:36.0508 7012 Page size: 0x1000
19:07:36.0508 7012 Boot type: Normal boot
19:07:36.0508 7012 ============================================================
19:07:37.0926 7012 Initialize success
19:08:03.0827 2708 ============================================================
19:08:03.0827 2708 Scan started
19:08:03.0827 2708 Mode: Manual;
19:08:03.0827 2708 ============================================================
19:08:06.0890 2708 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
19:08:06.0899 2708 1394ohci - ok
19:08:06.0936 2708 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
19:08:06.0948 2708 Acceler - ok
19:08:06.0987 2708 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:08:06.0993 2708 ACPI - ok
19:08:07.0022 2708 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:08:07.0044 2708 AcpiPmi - ok
19:08:07.0088 2708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:08:07.0111 2708 adp94xx - ok
19:08:07.0175 2708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:08:07.0203 2708 adpahci - ok
19:08:07.0213 2708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:08:07.0251 2708 adpu320 - ok
19:08:07.0300 2708 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:08:07.0303 2708 AFD - ok
19:08:07.0313 2708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:08:07.0329 2708 agp440 - ok
19:08:07.0344 2708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:08:07.0361 2708 aliide - ok
19:08:07.0370 2708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:08:07.0377 2708 amdide - ok
19:08:07.0385 2708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:08:07.0399 2708 AmdK8 - ok
19:08:07.0409 2708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:08:07.0435 2708 AmdPPM - ok
19:08:07.0454 2708 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:08:07.0472 2708 amdsata - ok
19:08:07.0487 2708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:08:07.0518 2708 amdsbs - ok
19:08:07.0567 2708 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:08:07.0573 2708 amdxata - ok
19:08:07.0605 2708 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:08:07.0623 2708 AppID - ok
19:08:07.0647 2708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:08:07.0653 2708 arc - ok
19:08:07.0664 2708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:08:07.0675 2708 arcsas - ok
19:08:07.0700 2708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:07.0714 2708 AsyncMac - ok
19:08:07.0733 2708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:08:07.0740 2708 atapi - ok
19:08:07.0788 2708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:08:07.0802 2708 b06bdrv - ok
19:08:07.0819 2708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:08:07.0841 2708 b57nd60a - ok
19:08:07.0867 2708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:08:07.0878 2708 Beep - ok
19:08:07.0911 2708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:08:07.0915 2708 blbdrive - ok
19:08:07.0958 2708 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:08:07.0963 2708 bowser - ok
19:08:07.0972 2708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:08:07.0985 2708 BrFiltLo - ok
19:08:07.0994 2708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:08:07.0997 2708 BrFiltUp - ok
19:08:08.0011 2708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:08:08.0028 2708 Brserid - ok
19:08:08.0037 2708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:08:08.0048 2708 BrSerWdm - ok
19:08:08.0058 2708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:08:08.0066 2708 BrUsbMdm - ok
19:08:08.0077 2708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:08:08.0086 2708 BrUsbSer - ok
19:08:08.0123 2708 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:08:08.0129 2708 BthEnum - ok
19:08:08.0143 2708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:08:08.0160 2708 BTHMODEM - ok
19:08:08.0185 2708 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:08:08.0188 2708 BthPan - ok
19:08:08.0227 2708 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
19:08:08.0251 2708 BTHPORT - ok
19:08:08.0280 2708 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
19:08:08.0286 2708 BTHUSB - ok
19:08:08.0322 2708 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
19:08:08.0330 2708 btwaudio - ok
19:08:08.0356 2708 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
19:08:08.0365 2708 btwavdt - ok
19:08:08.0395 2708 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:08:08.0406 2708 btwl2cap - ok
19:08:08.0427 2708 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
19:08:08.0430 2708 btwrchid - ok
19:08:08.0551 2708 catchme - ok
19:08:08.0569 2708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:08:08.0587 2708 cdfs - ok
19:08:08.0605 2708 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:08:08.0625 2708 cdrom - ok
19:08:08.0654 2708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:08:08.0671 2708 circlass - ok
19:08:08.0713 2708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:08:08.0718 2708 CLFS - ok
19:08:08.0759 2708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:08.0773 2708 CmBatt - ok
19:08:08.0786 2708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:08:08.0796 2708 cmdide - ok
19:08:08.0834 2708 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:08:08.0852 2708 CNG - ok
19:08:08.0875 2708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:08:09.0249 2708 Compbatt - ok
19:08:09.0264 2708 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:08:09.0277 2708 CompositeBus - ok
19:08:09.0294 2708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:08:09.0307 2708 crcdisk - ok
19:08:09.0351 2708 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:08:09.0372 2708 CtClsFlt - ok
19:08:09.0403 2708 dc3d (26c9db5fb11aa1c90ca4b7a986cca4f3) C:\Windows\system32\DRIVERS\dc3d.sys
19:08:09.0424 2708 dc3d - ok
19:08:09.0504 2708 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:08:09.0511 2708 DfsC - ok
19:08:09.0551 2708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:08:09.0557 2708 discache - ok
19:08:09.0587 2708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:08:09.0603 2708 Disk - ok
19:08:09.0642 2708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:08:09.0659 2708 drmkaud - ok
19:08:09.0715 2708 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:08:09.0749 2708 DXGKrnl - ok
19:08:09.0854 2708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:08:09.0950 2708 ebdrv - ok
19:08:09.0984 2708 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
19:08:09.0994 2708 ElRawDisk - ok
19:08:10.0024 2708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:08:10.0051 2708 elxstor - ok
19:08:10.0063 2708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:08:10.0074 2708 ErrDev - ok
19:08:10.0112 2708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:08:10.0126 2708 exfat - ok
19:08:10.0154 2708 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
19:08:10.0164 2708 FACAP - ok
19:08:10.0192 2708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:08:10.0207 2708 fastfat - ok
19:08:10.0220 2708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:08:10.0232 2708 fdc - ok
19:08:10.0262 2708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:08:10.0276 2708 FileInfo - ok
19:08:10.0298 2708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:08:10.0308 2708 Filetrace - ok
19:08:10.0319 2708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:08:10.0332 2708 flpydisk - ok
19:08:10.0353 2708 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:08:10.0360 2708 FltMgr - ok
19:08:10.0375 2708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:08:10.0380 2708 FsDepends - ok
19:08:10.0394 2708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:08:10.0409 2708 Fs_Rec - ok
19:08:10.0447 2708 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:08:10.0453 2708 fvevol - ok
19:08:10.0466 2708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:08:10.0480 2708 gagp30kx - ok
19:08:10.0516 2708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:08:10.0521 2708 GEARAspiWDM - ok
19:08:10.0544 2708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:08:10.0557 2708 hcw85cir - ok
19:08:10.0588 2708 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:08:10.0593 2708 HDAudBus - ok
19:08:10.0633 2708 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:08:10.0646 2708 HECIx64 - ok
19:08:10.0654 2708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:08:10.0666 2708 HidBatt - ok
19:08:10.0676 2708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:08:10.0681 2708 HidBth - ok
19:08:10.0690 2708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:08:10.0696 2708 HidIr - ok
19:08:10.0717 2708 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:08:10.0722 2708 HidUsb - ok
19:08:10.0740 2708 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:08:10.0751 2708 HpSAMD - ok
19:08:10.0781 2708 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:08:10.0786 2708 HTTP - ok
19:08:10.0803 2708 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:08:10.0804 2708 hwpolicy - ok
19:08:10.0839 2708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:08:10.0857 2708 i8042prt - ok
19:08:10.0904 2708 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:08:10.0930 2708 iaStorV - ok
19:08:11.0143 2708 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:08:11.0664 2708 igfx - ok
19:08:11.0834 2708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:08:11.0855 2708 iirsp - ok
19:08:11.0891 2708 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
19:08:11.0908 2708 Impcd - ok
19:08:11.0948 2708 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:08:11.0979 2708 IntcDAud - ok
19:08:12.0004 2708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:08:12.0020 2708 intelide - ok
19:08:12.0042 2708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:08:12.0044 2708 intelppm - ok
19:08:12.0067 2708 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:08:12.0083 2708 IpFilterDriver - ok
19:08:12.0096 2708 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:08:12.0108 2708 IPMIDRV - ok
19:08:12.0118 2708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:08:12.0129 2708 IPNAT - ok
19:08:12.0142 2708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:08:12.0151 2708 IRENUM - ok
19:08:12.0161 2708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:08:12.0170 2708 isapnp - ok
19:08:12.0195 2708 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:08:12.0218 2708 iScsiPrt - ok
19:08:12.0230 2708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:08:12.0239 2708 kbdclass - ok
19:08:12.0261 2708 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:08:12.0273 2708 kbdhid - ok
19:08:12.0301 2708 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
19:08:12.0309 2708 KSecDD - ok
19:08:12.0350 2708 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
19:08:12.0366 2708 KSecPkg - ok
19:08:12.0388 2708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:08:12.0402 2708 ksthunk - ok
19:08:12.0439 2708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:08:12.0455 2708 lltdio - ok
19:08:12.0490 2708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:08:12.0512 2708 LSI_FC - ok
19:08:12.0522 2708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:08:12.0527 2708 LSI_SAS - ok
19:08:12.0536 2708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:08:12.0551 2708 LSI_SAS2 - ok
19:08:12.0562 2708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:08:12.0567 2708 LSI_SCSI - ok
19:08:12.0584 2708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:08:12.0599 2708 luafv - ok
19:08:12.0615 2708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:08:12.0627 2708 megasas - ok
19:08:12.0656 2708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:08:12.0680 2708 MegaSR - ok
19:08:12.0700 2708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:08:12.0707 2708 Modem - ok
19:08:12.0722 2708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:08:12.0723 2708 monitor - ok
19:08:12.0763 2708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:08:12.0768 2708 mouclass - ok
19:08:12.0781 2708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:08:12.0788 2708 mouhid - ok
19:08:12.0809 2708 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:08:12.0810 2708 mountmgr - ok
19:08:12.0820 2708 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:08:12.0842 2708 mpio - ok
19:08:12.0877 2708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:08:12.0892 2708 mpsdrv - ok
19:08:12.0905 2708 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:08:12.0921 2708 MRxDAV - ok
19:08:12.0965 2708 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:12.0981 2708 mrxsmb - ok
19:08:13.0013 2708 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:13.0032 2708 mrxsmb10 - ok
19:08:13.0057 2708 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:13.0065 2708 mrxsmb20 - ok
19:08:13.0107 2708 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
19:08:13.0134 2708 msahci - ok
19:08:13.0148 2708 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:08:13.0155 2708 msdsm - ok
19:08:13.0199 2708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:08:13.0211 2708 Msfs - ok
19:08:13.0221 2708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:08:13.0226 2708 mshidkmdf - ok
19:08:13.0250 2708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:08:13.0254 2708 msisadrv - ok
19:08:13.0282 2708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:08:13.0302 2708 MSKSSRV - ok
19:08:13.0311 2708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:13.0320 2708 MSPCLOCK - ok
19:08:13.0331 2708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:08:13.0341 2708 MSPQM - ok
19:08:13.0372 2708 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:08:13.0384 2708 MsRPC - ok
19:08:13.0402 2708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:08:13.0404 2708 mssmbios - ok
19:08:13.0417 2708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:08:13.0423 2708 MSTEE - ok
19:08:13.0444 2708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:08:13.0468 2708 MTConfig - ok
19:08:13.0492 2708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:08:13.0505 2708 Mup - ok
19:08:13.0537 2708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:08:13.0545 2708 NativeWifiP - ok
19:08:13.0572 2708 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:08:13.0577 2708 NDIS - ok
19:08:13.0595 2708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:08:13.0605 2708 NdisCap - ok
19:08:13.0784 2708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:13.0801 2708 NdisTapi - ok
19:08:13.0826 2708 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:13.0832 2708 Ndisuio - ok
19:08:13.0857 2708 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:13.0872 2708 NdisWan - ok
19:08:13.0893 2708 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:08:13.0899 2708 NDProxy - ok
19:08:13.0926 2708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:08:13.0944 2708 NetBIOS - ok
19:08:13.0975 2708 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:08:13.0977 2708 NetBT - ok
19:08:14.0186 2708 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
19:08:14.0383 2708 NETw5s64 - ok
19:08:14.0413 2708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:08:14.0418 2708 nfrd960 - ok
19:08:14.0448 2708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:08:14.0458 2708 Npfs - ok
19:08:14.0486 2708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:08:14.0486 2708 nsiproxy - ok
19:08:14.0561 2708 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:08:14.0617 2708 Ntfs - ok
19:08:14.0649 2708 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
19:08:14.0662 2708 NuidFltr - ok
19:08:14.0683 2708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:08:14.0689 2708 Null - ok
19:08:14.0702 2708 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:08:14.0714 2708 nvraid - ok
19:08:14.0730 2708 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:08:14.0743 2708 nvstor - ok
19:08:14.0759 2708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:08:14.0775 2708 nv_agp - ok
19:08:14.0811 2708 O2MDGRDR (8c2953537ca19dfaa67d612407e0f33e) C:\Windows\system32\DRIVERS\o2mdgx64.sys
19:08:14.0819 2708 O2MDGRDR - ok
19:08:14.0846 2708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:08:14.0860 2708 ohci1394 - ok
19:08:14.0884 2708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:08:14.0898 2708 Parport - ok
19:08:14.0918 2708 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:08:14.0924 2708 partmgr - ok
19:08:14.0966 2708 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:08:14.0986 2708 pci - ok
19:08:15.0008 2708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:08:15.0024 2708 pciide - ok
19:08:15.0040 2708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:08:15.0052 2708 pcmcia - ok
19:08:15.0101 2708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:08:15.0111 2708 pcw - ok
19:08:15.0160 2708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:08:15.0176 2708 PEAUTH - ok
19:08:15.0222 2708 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:08:15.0236 2708 PptpMiniport - ok
19:08:15.0246 2708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:08:15.0260 2708 Processor - ok
19:08:15.0286 2708 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:08:15.0287 2708 Psched - ok
19:08:15.0318 2708 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:08:15.0325 2708 PxHlpa64 - ok
19:08:15.0377 2708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:08:15.0425 2708 ql2300 - ok
19:08:15.0438 2708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:08:15.0443 2708 ql40xx - ok
19:08:15.0457 2708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:08:15.0463 2708 QWAVEdrv - ok
19:08:15.0490 2708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:08:15.0509 2708 RasAcd - ok
19:08:15.0527 2708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:08:15.0533 2708 RasAgileVpn - ok
19:08:15.0563 2708 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:08:15.0579 2708 Rasl2tp - ok
19:08:15.0600 2708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:08:15.0613 2708 RasPppoe - ok
19:08:15.0629 2708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:08:15.0642 2708 RasSstp - ok
19:08:15.0668 2708 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:08:15.0682 2708 rdbss - ok
19:08:15.0697 2708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:08:15.0705 2708 rdpbus - ok
19:08:15.0727 2708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:08:15.0728 2708 RDPCDD - ok
19:08:15.0748 2708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:08:15.0749 2708 RDPENCDD - ok
19:08:15.0768 2708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:08:15.0769 2708 RDPREFMP - ok
19:08:15.0780 2708 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:08:15.0948 2708 RDPWD - ok
19:08:15.0977 2708 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:08:15.0990 2708 rdyboost - ok
19:08:16.0030 2708 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:08:16.0046 2708 RFCOMM - ok
19:08:16.0102 2708 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
19:08:16.0110 2708 RsFx0103 - ok
19:08:16.0124 2708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:08:16.0147 2708 rspndr - ok
19:08:16.0176 2708 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:08:16.0187 2708 RTL8167 - ok
19:08:16.0339 2708 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:08:16.0344 2708 SASDIFSV - ok
19:08:16.0376 2708 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:08:16.0381 2708 SASKUTIL - ok
19:08:16.0427 2708 sbapifs (cd50ffb4c803c06d21ce3569489b7929) C:\Windows\system32\DRIVERS\sbapifs.sys
19:08:16.0441 2708 sbapifs - ok
19:08:16.0458 2708 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:08:16.0475 2708 sbp2port - ok
19:08:16.0516 2708 SBRE (2f58125ad1bb90959f9634c7ac36d230) C:\Windows\system32\drivers\SBREdrv.sys
19:08:16.0523 2708 SBRE - ok
19:08:16.0574 2708 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
19:08:16.0587 2708 SbTis - ok
19:08:16.0614 2708 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:08:16.0634 2708 scfilter - ok
19:08:16.0669 2708 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys
19:08:16.0849 2708 sdbus - ok
19:08:16.0893 2708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:08:16.0907 2708 secdrv - ok
19:08:16.0933 2708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:08:16.0940 2708 Serenum - ok
19:08:16.0950 2708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:08:16.0954 2708 Serial - ok
19:08:16.0963 2708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:08:16.0982 2708 sermouse - ok
19:08:17.0002 2708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:08:17.0012 2708 sffdisk - ok
19:08:17.0026 2708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:08:17.0030 2708 sffp_mmc - ok
19:08:17.0039 2708 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:08:17.0042 2708 sffp_sd - ok
19:08:17.0051 2708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:08:17.0059 2708 sfloppy - ok
19:08:17.0082 2708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:08:17.0090 2708 SiSRaid2 - ok
19:08:17.0099 2708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:08:17.0111 2708 SiSRaid4 - ok
19:08:17.0138 2708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:08:17.0152 2708 Smb - ok
19:08:17.0192 2708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:08:17.0197 2708 spldr - ok
19:08:17.0256 2708 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:08:17.0270 2708 srv - ok
19:08:17.0310 2708 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:08:17.0326 2708 srv2 - ok
19:08:17.0372 2708 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:08:17.0384 2708 srvnet - ok
19:08:17.0407 2708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:08:17.0411 2708 stexstor - ok
19:08:17.0439 2708 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
19:08:17.0463 2708 STHDA - ok
19:08:17.0479 2708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:08:17.0485 2708 swenum - ok
19:08:17.0530 2708 SynTP (39d4b4343ba70e4b32c4531bd075b9f6) C:\Windows\system32\DRIVERS\SynTP.sys
19:08:17.0566 2708 SynTP - ok
19:08:17.0646 2708 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:08:17.0768 2708 Tcpip - ok
19:08:17.0808 2708 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:08:17.0826 2708 TCPIP6 - ok
19:08:17.0846 2708 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:08:17.0861 2708 tcpipreg - ok
19:08:17.0873 2708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:08:17.0877 2708 TDPIPE - ok
19:08:17.0887 2708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:08:17.0899 2708 TDTCP - ok
19:08:17.0915 2708 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:08:17.0930 2708 tdx - ok
19:08:17.0948 2708 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:08:18.0126 2708 TermDD - ok
19:08:18.0188 2708 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:18.0203 2708 tssecsrv - ok
19:08:18.0222 2708 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:08:18.0234 2708 tunnel - ok
19:08:18.0257 2708 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
19:08:18.0684 2708 TurboB - ok
19:08:18.0695 2708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:08:18.0699 2708 uagp35 - ok
19:08:18.0729 2708 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
19:08:18.0953 2708 udfs - ok
19:08:18.0969 2708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:08:19.0002 2708 uliagpkx - ok
19:08:19.0023 2708 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:08:19.0037 2708 umbus - ok
19:08:19.0048 2708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:08:19.0056 2708 UmPass - ok
19:08:19.0093 2708 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
19:08:19.0110 2708 usbaudio - ok
19:08:19.0149 2708 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
19:08:19.0166 2708 usbccgp - ok
19:08:19.0190 2708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:08:19.0197 2708 usbcir - ok
19:08:19.0223 2708 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
19:08:19.0229 2708 usbehci - ok
19:08:19.0265 2708 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
19:08:19.0285 2708 usbhub - ok
19:08:19.0312 2708 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
19:08:19.0319 2708 usbohci - ok
19:08:19.0333 2708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:08:19.0347 2708 usbprint - ok
19:08:19.0373 2708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:08:19.0390 2708 usbscan - ok
19:08:19.0417 2708 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:19.0437 2708 USBSTOR - ok
19:08:19.0450 2708 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
19:08:19.0464 2708 usbuhci - ok
19:08:19.0496 2708 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
19:08:19.0513 2708 usbvideo - ok
19:08:19.0571 2708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:08:19.0575 2708 vdrvroot - ok
19:08:19.0587 2708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:19.0599 2708 vga - ok
19:08:19.0614 2708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:08:19.0617 2708 VgaSave - ok
19:08:19.0629 2708 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:08:19.0643 2708 vhdmp - ok
19:08:19.0653 2708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:08:19.0665 2708 viaide - ok
19:08:19.0684 2708 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:08:19.0699 2708 volmgr - ok
19:08:19.0725 2708 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:08:19.0727 2708 volmgrx - ok
19:08:19.0751 2708 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:08:19.0762 2708 volsnap - ok
19:08:19.0775 2708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:08:19.0783 2708 vsmraid - ok
19:08:19.0805 2708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:08:19.0817 2708 vwifibus - ok
19:08:19.0841 2708 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:08:19.0847 2708 vwififlt - ok
19:08:19.0868 2708 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:08:19.0869 2708 vwifimp - ok
19:08:19.0887 2708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:08:19.0892 2708 WacomPen - ok
19:08:19.0911 2708 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:08:19.0924 2708 WANARP - ok
19:08:19.0928 2708 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:08:19.0932 2708 Wanarpv6 - ok
19:08:19.0953 2708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:08:19.0961 2708 Wd - ok
19:08:19.0989 2708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:08:20.0016 2708 Wdf01000 - ok
19:08:20.0053 2708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:08:20.0058 2708 WfpLwf - ok
19:08:20.0080 2708 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:08:20.0102 2708 WimFltr - ok
19:08:20.0126 2708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:08:20.0305 2708 WIMMount - ok
19:08:20.0366 2708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:08:20.0368 2708 WmiAcpi - ok
19:08:20.0401 2708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:08:20.0420 2708 ws2ifsl - ok
19:08:20.0484 2708 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
19:08:20.0707 2708 WudfPf - ok
19:08:20.0747 2708 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:20.0946 2708 WUDFRd - ok
19:08:20.0974 2708 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:08:20.0987 2708 \Device\Harddisk0\DR0 - ok
19:08:20.0991 2708 Boot (0x1200) (47a2b6601a482770db82e6c7c1fb0314) \Device\Harddisk0\DR0\Partition0
19:08:20.0992 2708 \Device\Harddisk0\DR0\Partition0 - ok
19:08:21.0004 2708 Boot (0x1200) (6a6b0afbb8807427dc183bf4c2febbff) \Device\Harddisk0\DR0\Partition1
19:08:21.0005 2708 \Device\Harddisk0\DR0\Partition1 - ok
19:08:21.0006 2708 ============================================================
19:08:21.0006 2708 Scan finished
19:08:21.0006 2708 ============================================================
19:08:21.0115 1092 Detected object count: 0
19:08:21.0115 1092 Actual detected object count: 0
Results of screen317's Security Check version 0.99.26
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
VIPRE Antivirus
iolo technologies' System Mechanic
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 22
Out of date Java installed!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
iolo Common Lib ioloServiceManager.exe
``````````End of Log````````````
I was getting unknown music and search hijacks before running the above. So symptoms as we speak.
JV
-
Thanks for your help D-FRED-BROWN
ComboFix 11-11-14.03 - John 11/14/2011 19:34:21.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1681 [GMT -8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 04:06 . 2011-11-15 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio
2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai
2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut
2011-11-09 04:23 . 2011-11-12 22:17 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll
2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2
2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05 . 2011-10-22 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04 . 2011-10-22 01:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04 . 2011-10-22 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-12 00:37 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe
2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys
2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-17 05:32 . 2011-10-12 05:51 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:27 . 2011-10-12 05:51 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 05:27 . 2011-10-12 05:51 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-08-17 05:27 . 2011-10-12 05:51 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-08-17 05:27 . 2011-10-12 05:51 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-08-17 04:26 . 2011-10-12 05:51 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22 . 2011-10-12 05:51 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22 . 2011-10-12 05:51 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22 . 2011-10-12 05:51 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22 . 2011-10-12 05:51 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-15 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-15 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-15 01:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-15 01:01 38372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi
+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-15 00:59 . 2011-11-15 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-15 00:59 . 2011-11-15 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-01 05:57 . 2011-11-14 17:33 347196 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 01:05 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 01:05 147114 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-15 00:57 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-10 22:49 . 2011-11-15 00:57 3543172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat
- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-15 01:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]
"FAStartup"="" [bU]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97033634
*Deregistered* - 97033634
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 171.66.3.181:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 211.222.202.109
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-14 20:26:07
ComboFix-quarantined-files.txt 2011-11-15 04:26
ComboFix2.txt 2011-11-13 07:33
ComboFix3.txt 2011-11-11 21:16
ComboFix4.txt 2011-11-09 17:01
.
Pre-Run: 231,975,989,248 bytes free
Post-Run: 231,599,415,296 bytes free
.
- - End Of File - - FC65B9BF594F05D46C01605CEAA82FD1
-
Need help from an Expert.
I had a bug that hid my programs and tried to make me buy their clean-up program. Part of the problem has been removed,
but I'm still getting redirects, pop-ups and occasional internet radio.
thanks,
John
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/30/2010 10:10:58 AM
System Uptime: 11/11/2011 10:03:07 AM (8 hours ago)
.
Motherboard: Dell Inc. | | 029DYC
Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 929/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 218.912 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP132: 11/7/2011 3:54:38 PM - Scheduled Checkpoint
RP133: 11/9/2011 7:38:50 AM - ComboFix created restore point
RP134: 11/11/2011 12:19:07 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 4.65
aaa
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Auto Traffic Xploit Keyword Tool
Automotix (remove only)
Bing Bar
CherryPicker
CoffeeCup Free HTML Editor
Compatibility Pack for the 2007 Office system
Content Notifier
Core FTP LE
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DHTML Editing Component
Directory Submitter 1.0.29
Domain Name Dominator
Domain Samurai
Elite Proxy Switcher 1.10
Facebook iframe Made EZ
Fast Content Producer
Fences
FileZilla Client 3.5.2
Google Chrome
Google Instant Scraper version 1.2
Google Maps Scraper - Demo
GoToAssist 8.0.0.514
GoToMeeting 5.0.0.799
Hot Item Finder
HTML Executable
Instant Blog Feeder Demo v2.01
InstantBannerPRO v2.01
Intel® Graphics Media Accelerator Driver
iolo technologies' System Mechanic
Java Auto Updater
Java 6 Update 22
Jing
Junk Mail filter update
Kcast for Windows 7
Keyword Blueprint 2
Keyword Swarm
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes' Anti-Malware version 1.51.2.1300
Market Samurai
MassArticleCreator
MassArticleSubmitter
Memeo AutoSync
Memeo Instant Backup
Memeo Send
Memeo Share
Micro Niche Finder 5.0
Microsoft adCenter Desktop
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MPT Domain Tool 1.0
MPT Keyword Tool 1.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
PowerDVD DX
PromoSoft 1.81
Proxy Scraper
QuickTime
Roxio Burn
Seagate Dashboard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Word 2010 (KB2345000)
SEO Link Robot
SEO SpyGlass
SEO TrackBacks Suite
Setup1
Sick Submitter
Skype Click to Call
Skype™ 5.5
SocialBot
Speed Typing
Spelling Dictionaries Support For Adobe Reader 9
Spin Writer Pro version 1.6
Submitter
TextPad 5
TheBestSpinner
TimeLeft
Traffic Equalizer
Ultimate Diamond Backlinks
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
VIPRE Antivirus
Viral Article Publisher
Web CEO 8.1
WEB20Bot
Website Indexer
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wondershare PPT2Video Pro 6.1.10
Word Wizard
Xara Xtreme 5
Xara Xtreme Pro 5
XHeader
XMind
Your Local Shortcut
.
==== Event Viewer Messages From Past Week ========
.
11/8/2011 9:53:40 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.
11/8/2011 10:20:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/8/2011 10:20:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/6/2011 6:30:46 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/6/2011 2:20:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/11/2011 6:23:21 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
11/11/2011 12:57:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/11/2011 12:54:05 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/11/2011 10:07:02 AM, Error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: Access is denied.
11/10/2011 7:12:51 AM, Error: Service Control Manager [7034] - The lxeb_device service terminated unexpectedly. It has done this 1 time(s).
11/10/2011 4:54:34 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the SftService service.
11/10/2011 1:59:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/10/2011 1:59:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/10/2011 1:59:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/10/2011 1:59:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/10/2011 1:59:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
11/10/2011 1:59:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElRawDisk spldr Wanarpv6
11/10/2011 1:22:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/10/2011 1:08:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by John at 18:32:34 on 2011-11-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1344 [GMT -8:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 171.66.3.181:3128
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [speed Typing] "C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe"
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun: [FAStartup]
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TimeLeft.lnk - C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\John\AppData\Local\Temp\_uninst_.bat
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\5534448435D27455543545 : DhcpNameServer = 68.87.76.182 68.87.78.134 8.8.8.8
TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\564646F6E6E616 : DhcpNameServer = 192.168.1.2 68.94.156.1 68.94.157.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun-x64: [FAStartup]
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 211.222.202.109
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-8-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-30 89600]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-22 2409800]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-8-25 722616]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-5-9 45736]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-9-6 2804280]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-9-6 181584]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-20 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-11-11 23:22:38 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-11 21:32:56 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-11 20:17:06 -------- d-----w- C:\ComboFix
2011-11-10 01:29:35 -------- d-----w- C:\Users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29:30 -------- d-----w- C:\Program Files (x86)\ Your Local Shortcut
2011-11-09 15:38:13 98816 ----a-w- C:\Windows\sed.exe
2011-11-09 15:38:13 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-09 15:38:13 256000 ----a-w- C:\Windows\PEV.exe
2011-11-09 15:38:13 208896 ----a-w- C:\Windows\MBR.exe
2011-11-09 04:23:51 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-04 20:46:04 -------- d-----w- C:\Program Files (x86)\Market Samurai
2011-10-28 04:38:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-10-28 04:38:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-10-28 04:38:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-10-25 18:38:07 -------- d-----w- C:\Program Files (x86)\KeywordBlueprint2
2011-10-24 02:23:53 -------- d-----w- C:\Program Files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05:11 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04:48 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04:19 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-21 19:34:27 -------- d-----w- C:\Users\John\AppData\Local\{2865715D-57F6-4183-B334-D5D5F0DCC203}
2011-10-21 19:34:15 -------- d-----w- C:\Users\John\AppData\Local\{B9AAC002-5CE9-4226-81BA-E62FCBA3D5E3}
2011-10-19 16:50:17 -------- d-----w- C:\Users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
2011-10-14 14:40:33 -------- d-----w- C:\Users\John\AppData\Local\{62C2AE11-9588-4AB3-9A6F-FE6F66095388}
2011-10-14 13:23:24 -------- d-----w- C:\Users\John\AppData\Local\{2D588960-01EB-4D40-8DA7-035C971A51E6}
2011-10-14 13:22:08 -------- d-----w- C:\Users\John\AppData\Local\{B53D1843-D3DF-45B0-852A-EDC4214FF009}
2011-10-14 13:21:56 -------- d-----w- C:\Users\John\AppData\Local\{4C6DD6EB-B4AB-4F69-902F-F716F600B91B}
2011-10-14 07:09:56 -------- d-----w- C:\Users\John\AppData\Local\{4DB9D253-8ED7-4FE4-A69B-7DC00E3B8DAE}
.
==================== Find3M ====================
.
2011-10-28 04:18:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 19:30:48 45904 ----a-w- C:\Windows\SysWow64\sbbd.exe
2011-09-06 19:30:48 45904 ----a-w- C:\Windows\System32\sbbd.exe
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-30 00:36:34 71256 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2011-08-30 00:36:34 55384 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2011-08-30 00:36:34 101720 ----a-w- C:\Windows\SysWow64\drivers\SBREDrv.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 18:40:55.47 ===============
Infected
in Resolved Malware Removal Logs
Posted
Still with you D-Fred. Busy running around for the holiday. I'll send you the results soon.
Appreciate your help & Happy Thanksgiving
John