Jump to content

Trojan Dropper BCMiner


Recommended Posts

As of today ive had issues of AVG pops up saying threat detected, Google searches going to a random page, and MalwareBytes finding 1 object but unable to remove it.

Threat name for AVG "Trojan horse Patched_c.LXT"....File name "c:/Windows/System32/services.exe

Attach

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/19/2011 7:25:53 PM

System Uptime: 7/20/2012 5:28:19 PM (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2AC2

Processor: Intel® Core i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 759.546 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.43 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP59: 7/10/2012 10:53:55 PM - Windows Update

RP60: 7/12/2012 3:58:57 PM - Removed BabylonObjectInstaller

RP61: 7/20/2012 3:09:52 PM - Installed DirectX

RP62: 7/20/2012 4:33:53 PM - Restore Operation

.

==== Installed Programs ======================

.

µTorrent

802.11n Wireless LAN Card

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Agatha Christie - Peril at End House

Apple Application Support

Apple Software Update

Bejeweled 3

Bing Bar

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Cake Mania

CameraHelperMsi

Chronicles of Albian

Chuzzle Deluxe

Cradle of Rome 2

D3DX10

DVD Decrypter (Remove Only)

erLT

Farm Frenzy

FATE

Google Talk Plugin

Governor of Poker 2 Premium Edition

Hewlett-Packard ACLM.NET v1.1.1.0

HP Customer Experience Enhancements

HP Games

HP LinkUp

HP MovieStore

HP Odometer

HP Setup

HP Setup Manager

HP SimplePass PE 2011

HP Support Assistant

HP Support Information

HP Update

Intel® Control Center

Intel® Identity Protection Technology 1.1.2.0

Intel® Management Engine Components

Intel® Processor Graphics

Internet Download Manager

Java Auto Updater

Java 6 Update 30

Java 7 Update 5

JavaFX 2.1.1

Jewel Quest: The Sleepless Star - Collector's Edition

Junk Mail filter update

Kobo

LabelPrint

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Mah Jong Medley

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Microsoft Mathematics

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

mIRC

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

Namco All-Stars: PAC-MAN

Norton Online Backup

Out of the Park Baseball 13

PDF Complete Special Edition

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Police Force

Power2Go

PressReader

Realtek High Definition Audio Driver

Reason 5.0

Recovery Manager

Remote Graphics Receiver

Remote Mouse version 1.50

RoxioNow Player

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.8

Slingo Supreme

SoulSeek 157 NS 13e

StreamTorrent 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Vacation Quest - The Hawaiian Islands

VIP Access SDK (1.0.1.4)

Virtual Villagers 5 - New Believers

Visual Studio 2008 x64 Redistributables

VLC media player 2.0.1

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Messenger

Zinio Reader 4

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

7/20/2012 5:29:02 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/20/2012 5:29:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/20/2012 5:28:45 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/20/2012 5:28:43 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/20/2012 5:28:43 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

.

==== End Of File ===========================

DDS

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by jk at 17:31:21 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4302 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [Google Update] "C:\Users\jk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{10E95479-1198-431B-9936-6DD7F2D361C6} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{30DAA431-0433-4787-8D69-5363B8238F30} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\jk\AppData\Roaming\Mozilla\Firefox\Profiles\dm4gl0fx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\jk\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\jk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\jk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111787

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 1091fab2000000000000d0df9a7f5762

FF - user.js: extensions.BabylonToolbar_i.hardId - 1091fab2000000000000d0df9a7f5762

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:46:54

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-8-12 1128952]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-12 2656280]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-20 22:20:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-20 22:12:10 -------- d-----w- C:\Users\jk\AppData\Roaming\RedDotGames

2012-07-20 22:10:59 5554512 ----a-w- C:\Windows\System32\d3dcsx_42.dll

2012-07-20 21:56:10 -------- d-----w- C:\Program Files (x86)\DVD Decrypter

2012-07-20 19:32:12 -------- d-----w- C:\Users\jk\AppData\Roaming\mIRC

2012-07-20 19:32:11 -------- d-----w- C:\Program Files (x86)\mIRC

2012-07-12 23:01:25 -------- d-----w- C:\Users\jk\AppData\Local\MicrosoftStore

2012-07-12 19:59:35 -------- d-----w- C:\Users\jk\AppData\Local\FANiSO

2012-07-11 05:56:32 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-10 22:37:23 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-07-02 05:30:38 -------- d-----w- C:\Users\jk\AppData\Local\{18E10980-C3AC-4B78-B622-C04D2D8D56BE}

2012-07-02 05:30:27 -------- d-----w- C:\Users\jk\AppData\Local\{EE7FB3F8-CB11-4CE3-A2B7-2CEFC85CBEB0}

2012-07-01 05:14:04 -------- d-----w- C:\Users\jk\AppData\Local\{427FF6B0-70C4-4E13-918D-7C4594D89A14}

2012-07-01 05:13:54 -------- d-----w- C:\Users\jk\AppData\Local\{45FD7920-604B-4759-98CE-D461DB437767}

2012-06-27 21:00:38 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-27 21:00:13 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-27 20:54:27 -------- d-----w- C:\Users\jk\AppData\Roaming\.minecraft

2012-06-26 02:59:02 -------- d-----w- C:\Users\jk\AppData\Local\{24FA9293-D32D-45E4-91A9-BA62A62D1114}

2012-06-26 02:58:51 -------- d-----w- C:\Users\jk\AppData\Local\{0CC7ACD3-7788-48AA-AE2E-510913A9F489}

2012-06-25 04:57:43 -------- d-----w- C:\Users\jk\AppData\Local\{5E784052-C914-475B-9724-234D993DF3BF}

2012-06-25 04:57:32 -------- d-----w- C:\Users\jk\AppData\Local\{B57FD7E1-66E5-4423-9267-E5378B6D6805}

2012-06-25 04:34:47 -------- d-----w- C:\Users\jk\AppData\Local\{3B814F19-51A3-453A-B5CE-1FF3243C8AFE}

2012-06-25 04:29:51 -------- d-----w- C:\Program Files\Propellerhead

2012-06-25 04:20:46 -------- d-----w- C:\Users\jk\AppData\Local\{7B08C4D7-EB26-4D3F-B159-8A7E9F828EC4}

2012-06-25 04:20:35 -------- d-----w- C:\Users\jk\AppData\Local\{F6494445-2394-4690-8315-190570531CAC}

2012-06-25 04:20:05 -------- d-----w- C:\Windows\en

2012-06-25 04:17:53 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d5426951cd528903\DSETUP.dll

2012-06-25 04:17:53 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d5426951cd528903\DXSETUP.exe

2012-06-25 04:17:53 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d5426951cd528903\dsetup32.dll

2012-06-25 04:17:53 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d9109691cd528904\MeshBetaRemover.exe

2012-06-25 04:17:50 -------- d-----w- C:\Users\jk\AppData\Local\{49FDB53B-913D-4006-9A5D-B6E9BDFF1758}

2012-06-25 04:17:28 -------- d-----w- C:\Users\jk\AppData\Local\{EFE55C35-B71B-4689-A69B-9286A6849D39}

2012-06-25 04:17:17 -------- d-----w- C:\Users\jk\AppData\Local\{B6D6D538-01D2-4EEB-B205-AFE7454273F0}

2012-06-25 04:16:59 -------- d-----w- C:\Users\jk\AppData\Local\{ACBF606D-B58A-4FD1-B272-5068D988BBA6}

2012-06-25 04:16:48 -------- d-----w- C:\Users\jk\AppData\Local\{A51BFA65-CB7E-4E8C-B546-0491F6BB3392}

2012-06-25 02:19:23 -------- d-----w- C:\Users\jk\AppData\Local\{983262F3-0973-4D01-B813-C55B6BD3C3E6}

2012-06-23 00:25:14 -------- d-----w- C:\Users\jk\AppData\Local\{78A560EC-DA11-421C-80FC-6E2F3B0D8016}

2012-06-21 19:19:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 19:18:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 19:18:43 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 19:18:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-16 18:53:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-16 18:53:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-05-05 02:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-30 21:47:34 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 17:32:19.01 ===============

Link to post
Share on other sites

Welcome to the forum.

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

------------------------------

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 20-07-2012 19:37:59

Running from K:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-04-25] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391960 2011-04-25] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418584 2011-04-25] (Intel Corporation)

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKU\jk\...\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3474840 2012-02-27] (Tonec Inc.)

HKU\jk\...\Run: [Google Update] "C:\Users\jk\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-06] (Google Inc.)

HKU\Mcx1-JK-HP\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

2 HPSLPSVC; C:\Users\jk\AppData\Local\Temp\7zS2C9C\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-01-31] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)

1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)

3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)

2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [149640 2012-02-07] (Tonec Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [31152 2011-08-12] ()

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-20 16:33 - 2012-07-20 16:33 - 00023482 ____A C:\Users\jk\Desktop\DDS.txt

2012-07-20 16:32 - 2012-07-20 16:32 - 00006817 ____A C:\Users\jk\Desktop\1.txt

2012-07-20 16:30 - 2012-07-20 16:30 - 00607260 ____R (Swearware) C:\Users\jk\Downloads\dds.scr

2012-07-20 14:20 - 2012-07-20 15:36 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-20 14:12 - 2012-07-20 14:12 - 00000000 ____D C:\Users\jk\AppData\Roaming\RedDotGames

2012-07-20 14:11 - 2010-06-02 03:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2012-07-20 14:11 - 2010-06-02 03:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll

2012-07-20 14:11 - 2010-06-02 03:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2012-07-20 14:11 - 2010-06-02 03:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll

2012-07-20 14:11 - 2010-06-02 03:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll

2012-07-20 14:11 - 2010-06-02 03:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll

2012-07-20 14:11 - 2010-05-26 10:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2012-07-20 14:11 - 2010-02-04 09:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll

2012-07-20 14:11 - 2010-02-04 09:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2012-07-20 14:11 - 2010-02-04 09:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2012-07-20 14:11 - 2010-02-04 09:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll

2012-07-20 14:11 - 2010-02-04 09:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll

2012-07-20 14:11 - 2010-02-04 09:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2012-07-20 14:11 - 2010-02-04 09:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll

2012-07-20 14:11 - 2010-02-04 09:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2012-07-20 14:11 - 2009-09-04 16:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll

2012-07-20 14:10 - 2009-09-04 16:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2012-07-20 14:10 - 2009-09-04 16:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll

2012-07-20 14:10 - 2009-09-04 16:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll

2012-07-20 14:10 - 2009-09-04 16:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll

2012-07-20 14:10 - 2009-09-04 16:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2012-07-20 14:10 - 2009-09-04 16:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll

2012-07-20 14:10 - 2009-09-04 16:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll

2012-07-20 14:10 - 2009-09-04 16:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2012-07-20 14:10 - 2009-09-04 16:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2012-07-20 14:10 - 2009-09-04 16:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll

2012-07-20 14:10 - 2009-09-04 16:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2012-07-20 14:10 - 2009-03-16 13:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll

2012-07-20 14:10 - 2009-03-16 13:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

2012-07-20 14:10 - 2009-03-16 13:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

2012-07-20 14:10 - 2009-03-16 13:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll

2012-07-20 14:10 - 2009-03-16 13:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll

2012-07-20 14:10 - 2009-03-16 13:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

2012-07-20 14:10 - 2009-03-09 14:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll

2012-07-20 14:10 - 2009-03-09 14:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll

2012-07-20 14:10 - 2008-10-27 09:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll

2012-07-20 14:10 - 2008-10-27 09:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2012-07-20 14:10 - 2008-10-27 09:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll

2012-07-20 14:10 - 2008-10-27 09:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll

2012-07-20 14:10 - 2008-10-27 09:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2012-07-20 14:10 - 2008-10-15 05:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll

2012-07-20 14:10 - 2008-10-15 05:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2012-07-20 14:10 - 2008-10-15 05:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll

2012-07-20 14:10 - 2008-10-15 05:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2012-07-20 14:10 - 2008-10-15 05:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll

2012-07-20 14:10 - 2008-10-15 05:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2012-07-20 13:56 - 2012-07-20 13:56 - 00000000 ____D C:\Program Files (x86)\DVD Decrypter

2012-07-20 11:32 - 2012-07-20 13:52 - 00000000 ____D C:\Users\jk\AppData\Roaming\mIRC

2012-07-20 11:32 - 2012-07-20 11:32 - 00000000 ____D C:\Program Files (x86)\mIRC

2012-07-20 11:28 - 2012-07-20 11:46 - 552157910 ____A C:\Users\jk\Downloads\sara jay newmeat.wmv

2012-07-18 21:33 - 2011-04-14 18:38 - 00743049 ____A C:\Users\jk\Documents\VID 00051.3GP

2012-07-18 21:33 - 2011-04-14 18:38 - 00459299 ____A C:\Users\jk\Documents\VID 00053.3GP

2012-07-18 21:32 - 2012-07-18 21:32 - 00000000 ____D C:\Users\jk\Documents\piks

2012-07-18 21:32 - 2012-07-18 21:32 - 00000000 ____D C:\Users\jk\Documents\golf

2012-07-15 18:18 - 2012-07-15 18:22 - 390570916 ____A C:\Users\jk\Desktop\'max.payne_wish_1e3a7_e977a.flv'

2012-07-12 15:01 - 2012-07-12 15:01 - 00000000 ____D C:\Users\jk\AppData\Local\MicrosoftStore

2012-07-12 14:46 - 2012-07-12 14:46 - 00000237 ____A C:\user.js

2012-07-12 11:59 - 2012-07-12 11:59 - 00000000 ____D C:\Users\jk\AppData\Local\FANiSO

2012-07-10 21:56 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-10 21:54 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-10 21:54 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-10 21:54 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-10 21:54 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-10 21:54 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-10 21:54 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-10 21:54 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-10 21:54 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-10 21:54 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-10 21:54 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-10 21:54 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-10 21:54 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-10 21:54 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-10 21:54 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-10 21:54 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-10 21:54 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-10 21:54 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-10 21:54 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-10 21:54 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-10 21:54 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-10 21:54 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-10 21:54 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-10 21:54 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-10 21:54 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-10 21:54 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-10 21:54 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-10 21:54 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-10 21:54 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-10 14:37 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-10 14:37 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-10 14:37 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-10 14:37 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-10 14:37 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-10 14:37 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-10 14:37 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-10 14:37 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-10 14:37 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-10 14:37 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-10 14:37 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-10 14:37 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-10 14:37 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-10 14:37 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-10 14:37 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-10 14:37 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-10 14:37 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-10 14:37 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-10 14:37 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-06 21:24 - 2012-07-06 21:49 - 00000000 ____D C:\Users\jk\Desktop\TV Shows

2012-07-01 21:30 - 2012-07-01 21:30 - 00000000 ____D C:\Users\jk\AppData\Local\{EE7FB3F8-CB11-4CE3-A2B7-2CEFC85CBEB0}

2012-07-01 21:30 - 2012-07-01 21:30 - 00000000 ____D C:\Users\jk\AppData\Local\{18E10980-C3AC-4B78-B622-C04D2D8D56BE}

2012-06-30 21:14 - 2012-06-30 21:14 - 00000000 ____D C:\Users\jk\AppData\Local\{427FF6B0-70C4-4E13-918D-7C4594D89A14}

2012-06-30 21:13 - 2012-06-30 21:14 - 00000000 ____D C:\Users\jk\AppData\Local\{45FD7920-604B-4759-98CE-D461DB437767}

2012-06-30 15:26 - 2012-06-30 15:26 - 00000000 ____D C:\Users\jk\Downloads\SexUnderwater.12.06.24.Hot.censoreding.Afternoon.XXX.HR.WMV-KTR[rbg]

2012-06-27 13:00 - 2012-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\Oracle

2012-06-27 13:00 - 2012-05-04 18:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-06-27 13:00 - 2012-05-04 18:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-06-27 12:59 - 2012-06-27 12:59 - 00000000 ____D C:\Users\All Users\McAfee

2012-06-27 12:54 - 2012-06-27 13:36 - 00000000 ____D C:\Users\jk\AppData\Roaming\.minecraft

2012-06-25 18:59 - 2012-06-25 18:59 - 00000000 ____D C:\Users\jk\AppData\Local\{24FA9293-D32D-45E4-91A9-BA62A62D1114}

2012-06-25 18:58 - 2012-06-25 18:59 - 00000000 ____D C:\Users\jk\AppData\Local\{0CC7ACD3-7788-48AA-AE2E-510913A9F489}

2012-06-24 20:57 - 2012-06-24 20:57 - 00000000 ____D C:\Users\jk\AppData\Local\{B57FD7E1-66E5-4423-9267-E5378B6D6805}

2012-06-24 20:57 - 2012-06-24 20:57 - 00000000 ____D C:\Users\jk\AppData\Local\{5E784052-C914-475B-9724-234D993DF3BF}

2012-06-24 20:34 - 2012-06-24 20:34 - 00000000 ____D C:\Users\jk\AppData\Local\{3B814F19-51A3-453A-B5CE-1FF3243C8AFE}

2012-06-24 20:29 - 2012-06-24 20:29 - 00000000 ____D C:\Program Files\Propellerhead

2012-06-24 20:20 - 2012-06-24 20:20 - 00000000 ____D C:\Windows\en

2012-06-24 20:20 - 2012-06-24 20:20 - 00000000 ____D C:\Users\jk\AppData\Local\{F6494445-2394-4690-8315-190570531CAC}

2012-06-24 20:20 - 2012-06-24 20:20 - 00000000 ____D C:\Users\jk\AppData\Local\{7B08C4D7-EB26-4D3F-B159-8A7E9F828EC4}

2012-06-24 20:17 - 2012-06-24 20:17 - 00000000 ____D C:\Users\jk\AppData\Local\{EFE55C35-B71B-4689-A69B-9286A6849D39}

2012-06-24 20:17 - 2012-06-24 20:17 - 00000000 ____D C:\Users\jk\AppData\Local\{B6D6D538-01D2-4EEB-B205-AFE7454273F0}

2012-06-24 20:17 - 2012-06-24 20:17 - 00000000 ____D C:\Users\jk\AppData\Local\{49FDB53B-913D-4006-9A5D-B6E9BDFF1758}

2012-06-24 20:16 - 2012-06-24 20:17 - 00000000 ____D C:\Users\jk\AppData\Local\{ACBF606D-B58A-4FD1-B272-5068D988BBA6}

2012-06-24 20:16 - 2012-06-24 20:16 - 00000000 ____D C:\Users\jk\AppData\Local\{A51BFA65-CB7E-4E8C-B546-0491F6BB3392}

2012-06-24 18:19 - 2012-06-24 18:19 - 00000000 ____D C:\Users\jk\AppData\Local\{983262F3-0973-4D01-B813-C55B6BD3C3E6}

2012-06-22 16:25 - 2012-06-22 16:25 - 00000000 ____D C:\Users\jk\AppData\Local\{78A560EC-DA11-421C-80FC-6E2F3B0D8016}

2012-06-21 11:19 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-21 11:19 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-21 11:19 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-21 11:19 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-21 11:18 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-21 11:18 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-21 11:18 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-21 11:18 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-21 11:18 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-20 18:31 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-20 18:31 - 2009-07-13 20:51 - 00071388 ____A C:\Windows\setupact.log

2012-07-20 18:27 - 2011-11-19 19:25 - 01252341 ____A C:\Windows\WindowsUpdate.log

2012-07-20 18:05 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-20 17:28 - 2011-12-06 22:08 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221318694-525691764-1706660316-1001UA.job

2012-07-20 17:09 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-20 17:09 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-20 17:02 - 2010-11-20 19:47 - 00552720 ____A C:\Windows\PFRO.log

2012-07-20 16:33 - 2012-07-20 16:33 - 00023482 ____A C:\Users\jk\Desktop\DDS.txt

2012-07-20 16:32 - 2012-07-20 16:32 - 00006817 ____A C:\Users\jk\Desktop\1.txt

2012-07-20 16:30 - 2012-07-20 16:30 - 00607260 ____R (Swearware) C:\Users\jk\Downloads\dds.scr

2012-07-20 15:29 - 2012-04-24 13:23 - 00000258 _RASH C:\Users\All Users\ntuser.pol

2012-07-20 15:29 - 2009-07-13 20:45 - 00268944 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-20 14:10 - 2011-08-12 19:58 - 00029342 ____A C:\Windows\DirectX.log

2012-07-20 11:46 - 2012-07-20 11:28 - 552157910 ____A C:\Users\jk\Downloads\sara jay newmeat.wmv

2012-07-19 16:40 - 2011-12-06 22:08 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221318694-525691764-1706660316-1001Core.job

2012-07-16 10:53 - 2012-04-02 09:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-16 10:53 - 2011-08-12 19:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-16 10:52 - 2011-11-27 21:53 - 00000320 ____A C:\Windows\Tasks\HPCeeScheduleForjk.job

2012-07-15 20:23 - 2011-11-27 21:53 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-07-15 20:23 - 2011-11-20 21:19 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-07-15 18:22 - 2012-07-15 18:18 - 390570916 ____A C:\Users\jk\Desktop\'max.payne_wish_1e3a7_e977a.flv'

2012-07-12 14:46 - 2012-07-12 14:46 - 00000237 ____A C:\user.js

2012-07-10 21:55 - 2012-01-03 10:59 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 12:46 - 2012-05-10 16:27 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-27 12:59 - 2011-12-18 19:26 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-06-27 12:59 - 2011-12-18 19:26 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-06-13 11:16 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-06-11 19:08 - 2012-07-10 21:56 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-10 14:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-10 14:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 20:27 - 2012-06-06 20:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-06-05 22:06 - 2012-07-10 14:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-10 14:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-10 14:37 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-10 14:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-10 14:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-10 14:37 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-06-21 11:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 11:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 11:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 11:18 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 11:18 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:19 - 2012-06-21 11:18 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-21 11:19 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-21 11:18 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:15 - 2012-06-21 11:18 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-10 21:54 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-10 21:54 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-10 21:54 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-10 21:54 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-10 21:54 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-10 21:54 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-10 21:54 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-10 21:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-10 21:54 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-10 21:54 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-10 21:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-10 21:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-10 21:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-10 21:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-10 21:54 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-10 21:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-10 21:54 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-10 21:54 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-10 21:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-10 21:54 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-10 21:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-10 21:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-10 21:54 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-10 21:54 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-10 21:54 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-10 21:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-10 21:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-10 21:54 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-10 14:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-10 14:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-10 14:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-10 14:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-10 14:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-10 14:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-10 14:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-10 14:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-10 14:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-30 22:08 - 2012-05-30 22:08 - 53505952 ____A C:\Users\jk\Desktop\Rich_The_Factor-Gates_Sauce_To_A_Boss-2012-FiH.zip

2012-05-04 18:29 - 2012-06-27 13:00 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-05-04 18:29 - 2012-06-27 13:00 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-05-04 18:29 - 2011-12-18 19:26 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-05-04 03:06 - 2012-06-13 11:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:03 - 2012-06-13 11:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-13 11:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-04-30 21:40 - 2012-06-13 11:22 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-30 13:47 - 2012-04-30 13:47 - 00191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe

2012-04-30 13:47 - 2012-04-30 13:47 - 00172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe

2012-04-30 13:47 - 2012-04-30 13:47 - 00172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe

2012-04-30 13:47 - 2011-12-17 14:48 - 00525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll

2012-04-27 19:55 - 2012-06-13 11:22 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-25 21:41 - 2012-06-13 11:22 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-25 21:41 - 2012-06-13 11:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-25 21:34 - 2012-06-13 11:22 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-24 13:24 - 2012-04-24 13:24 - 00000020 __ASH C:\Users\Mcx1-JK-HP\ntuser.ini

2012-04-23 21:37 - 2012-06-13 11:22 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 21:37 - 2012-06-13 11:22 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 21:37 - 2012-06-13 11:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 20:36 - 2012-06-13 11:22 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 20:36 - 2012-06-13 11:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 20:36 - 2012-06-13 11:22 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\@

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\L

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\U

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\L\00000004.@

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\L\1afb2d56

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\L\201d3dde

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\U\00000004.@

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\U\00000008.@

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\U\000000cb.@

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\U\80000000.@

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\U\80000032.@

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%

Total physical RAM: 6050.52 MB

Available physical RAM: 5054.96 MB

Total Pagefile: 6048.71 MB

Available Pagefile: 5044.14 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:919.73 GB) (Free:759.22 GB) NTFS

2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

8 Drive k: () (Removable) (Total:7.44 GB) (Free:6.66 GB) FAT32

9 Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS

10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 Online 7633 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 919 GB 101 MB

Partition 3 Primary 11 GB 919 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 919 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E HP_RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Partitions of Disk 5:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 5

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 K FAT32 Removable 7633 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 12:02

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-20 19:41:44

Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

Link to post
Share on other sites

OK, here you go......

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-21 10:46:09 Run:1

Running from K:\

==============================================

C:\Windows\Installer\{b38f056e-006e-8d7a-6bb4-ac636ba3d603} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Link to post
Share on other sites

Well Done! We have to run a couple of more scans.....

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

11:03:26.0198 0992 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

11:03:26.0619 0992 ============================================================

11:03:26.0619 0992 Current date / time: 2012/07/21 11:03:26.0619

11:03:26.0619 0992 SystemInfo:

11:03:26.0619 0992

11:03:26.0619 0992 OS Version: 6.1.7601 ServicePack: 1.0

11:03:26.0619 0992 Product type: Workstation

11:03:26.0619 0992 ComputerName: JK-HP

11:03:26.0619 0992 UserName: jk

11:03:26.0619 0992 Windows directory: C:\Windows

11:03:26.0619 0992 System windows directory: C:\Windows

11:03:26.0619 0992 Running under WOW64

11:03:26.0619 0992 Processor architecture: Intel x64

11:03:26.0619 0992 Number of processors: 4

11:03:26.0619 0992 Page size: 0x1000

11:03:26.0619 0992 Boot type: Normal boot

11:03:26.0619 0992 ============================================================

11:03:27.0227 0992 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:03:27.0243 0992 ============================================================

11:03:27.0243 0992 \Device\Harddisk0\DR0:

11:03:27.0243 0992 MBR partitions:

11:03:27.0243 0992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

11:03:27.0243 0992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F78000

11:03:27.0243 0992 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72FAA800, BlocksNum 0x175B800

11:03:27.0243 0992 ============================================================

11:03:27.0290 0992 C: <-> \Device\Harddisk0\DR0\Partition1

11:03:27.0337 0992 D: <-> \Device\Harddisk0\DR0\Partition2

11:03:27.0337 0992 ============================================================

11:03:27.0337 0992 Initialize success

11:03:27.0337 0992 ============================================================

11:03:59.0052 4924 Deinitialize success

11:04:27.0050 3244 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

11:04:27.0518 3244 ============================================================

11:04:27.0518 3244 Current date / time: 2012/07/21 11:04:27.0518

11:04:27.0518 3244 SystemInfo:

11:04:27.0518 3244

11:04:27.0518 3244 OS Version: 6.1.7601 ServicePack: 1.0

11:04:27.0518 3244 Product type: Workstation

11:04:27.0518 3244 ComputerName: JK-HP

11:04:27.0518 3244 UserName: jk

11:04:27.0518 3244 Windows directory: C:\Windows

11:04:27.0518 3244 System windows directory: C:\Windows

11:04:27.0518 3244 Running under WOW64

11:04:27.0518 3244 Processor architecture: Intel x64

11:04:27.0518 3244 Number of processors: 4

11:04:27.0518 3244 Page size: 0x1000

11:04:27.0518 3244 Boot type: Normal boot

11:04:27.0518 3244 ============================================================

11:04:27.0862 3244 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:04:27.0877 3244 ============================================================

11:04:27.0877 3244 \Device\Harddisk0\DR0:

11:04:27.0877 3244 MBR partitions:

11:04:27.0877 3244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

11:04:27.0877 3244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F78000

11:04:27.0877 3244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72FAA800, BlocksNum 0x175B800

11:04:27.0877 3244 ============================================================

11:04:27.0908 3244 C: <-> \Device\Harddisk0\DR0\Partition1

11:04:27.0971 3244 D: <-> \Device\Harddisk0\DR0\Partition2

11:04:27.0971 3244 ============================================================

11:04:27.0971 3244 Initialize success

11:04:27.0971 3244 ============================================================

11:05:05.0582 2052 ============================================================

11:05:05.0582 2052 Scan started

11:05:05.0598 2052 Mode: Manual; SigCheck; TDLFS;

11:05:05.0598 2052 ============================================================

11:05:07.0517 2052 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:05:07.0673 2052 1394ohci - ok

11:05:07.0704 2052 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:05:07.0720 2052 ACPI - ok

11:05:07.0735 2052 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:05:07.0782 2052 AcpiPmi - ok

11:05:07.0829 2052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

11:05:07.0860 2052 adp94xx - ok

11:05:07.0891 2052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

11:05:07.0907 2052 adpahci - ok

11:05:07.0922 2052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

11:05:07.0938 2052 adpu320 - ok

11:05:07.0969 2052 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:05:08.0078 2052 AeLookupSvc - ok

11:05:08.0125 2052 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:05:08.0188 2052 AFD - ok

11:05:08.0219 2052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:05:08.0234 2052 agp440 - ok

11:05:08.0266 2052 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:05:08.0297 2052 ALG - ok

11:05:08.0312 2052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:05:08.0328 2052 aliide - ok

11:05:08.0328 2052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:05:08.0344 2052 amdide - ok

11:05:08.0359 2052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

11:05:08.0390 2052 AmdK8 - ok

11:05:08.0390 2052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

11:05:08.0422 2052 AmdPPM - ok

11:05:08.0453 2052 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:05:08.0468 2052 amdsata - ok

11:05:08.0500 2052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

11:05:08.0515 2052 amdsbs - ok

11:05:08.0546 2052 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:05:08.0563 2052 amdxata - ok

11:05:08.0594 2052 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:05:08.0641 2052 AppID - ok

11:05:08.0672 2052 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:05:08.0719 2052 AppIDSvc - ok

11:05:08.0735 2052 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:05:08.0766 2052 Appinfo - ok

11:05:08.0859 2052 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:05:08.0875 2052 Apple Mobile Device - ok

11:05:08.0891 2052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

11:05:08.0906 2052 arc - ok

11:05:08.0937 2052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

11:05:08.0953 2052 arcsas - ok

11:05:09.0015 2052 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

11:05:09.0031 2052 aspnet_state - ok

11:05:09.0047 2052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:05:09.0093 2052 AsyncMac - ok

11:05:09.0125 2052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:05:09.0140 2052 atapi - ok

11:05:09.0218 2052 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:05:09.0281 2052 AudioEndpointBuilder - ok

11:05:09.0281 2052 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:05:09.0312 2052 AudioSrv - ok

11:05:09.0717 2052 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

11:05:09.0780 2052 AVGIDSAgent - ok

11:05:09.0951 2052 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys

11:05:09.0967 2052 AVGIDSDriver - ok

11:05:10.0014 2052 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys

11:05:10.0029 2052 AVGIDSFilter - ok

11:05:10.0061 2052 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys

11:05:10.0076 2052 AVGIDSHA - ok

11:05:10.0107 2052 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys

11:05:10.0123 2052 Avgldx64 - ok

11:05:10.0139 2052 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys

11:05:10.0154 2052 Avgmfx64 - ok

11:05:10.0201 2052 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys

11:05:10.0217 2052 Avgrkx64 - ok

11:05:10.0263 2052 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys

11:05:10.0279 2052 Avgtdia - ok

11:05:10.0357 2052 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

11:05:10.0373 2052 avgwd - ok

11:05:10.0404 2052 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:05:10.0466 2052 AxInstSV - ok

11:05:10.0513 2052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

11:05:10.0544 2052 b06bdrv - ok

11:05:10.0591 2052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:05:10.0607 2052 b57nd60a - ok

11:05:10.0716 2052 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

11:05:10.0731 2052 BBSvc - ok

11:05:10.0794 2052 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:05:10.0841 2052 BDESVC - ok

11:05:10.0919 2052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:05:10.0981 2052 Beep - ok

11:05:11.0402 2052 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

11:05:11.0465 2052 BITS - ok

11:05:11.0589 2052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

11:05:11.0636 2052 blbdrive - ok

11:05:11.0745 2052 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

11:05:11.0761 2052 Bonjour Service - ok

11:05:11.0792 2052 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:05:11.0808 2052 bowser - ok

11:05:11.0886 2052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

11:05:11.0917 2052 BrFiltLo - ok

11:05:12.0089 2052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

11:05:12.0104 2052 BrFiltUp - ok

11:05:12.0135 2052 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:05:12.0182 2052 Browser - ok

11:05:12.0213 2052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:05:12.0229 2052 Brserid - ok

11:05:12.0307 2052 BrSerIf (80e52ef092f3dad03e0ee15e64f97245) C:\Windows\system32\DRIVERS\BrSerIf.sys

11:05:12.0338 2052 BrSerIf - ok

11:05:12.0385 2052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:05:12.0401 2052 BrSerWdm - ok

11:05:12.0463 2052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:05:12.0494 2052 BrUsbMdm - ok

11:05:12.0510 2052 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\Windows\system32\DRIVERS\BrUsbSer.sys

11:05:12.0525 2052 BrUsbSer - ok

11:05:12.0541 2052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

11:05:12.0557 2052 BTHMODEM - ok

11:05:12.0603 2052 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:05:12.0635 2052 bthserv - ok

11:05:12.0650 2052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:05:12.0666 2052 cdfs - ok

11:05:12.0697 2052 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

11:05:12.0728 2052 cdrom - ok

11:05:12.0744 2052 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:05:12.0806 2052 CertPropSvc - ok

11:05:12.0837 2052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

11:05:12.0869 2052 circlass - ok

11:05:12.0900 2052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:05:12.0931 2052 CLFS - ok

11:05:12.0978 2052 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:05:12.0993 2052 clr_optimization_v2.0.50727_32 - ok

11:05:13.0040 2052 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:05:13.0056 2052 clr_optimization_v2.0.50727_64 - ok

11:05:13.0118 2052 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:05:13.0134 2052 clr_optimization_v4.0.30319_32 - ok

11:05:13.0149 2052 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:05:13.0181 2052 clr_optimization_v4.0.30319_64 - ok

11:05:13.0212 2052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

11:05:13.0243 2052 CmBatt - ok

11:05:13.0243 2052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:05:13.0259 2052 cmdide - ok

11:05:13.0337 2052 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

11:05:13.0368 2052 CNG - ok

11:05:13.0383 2052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

11:05:13.0383 2052 Compbatt - ok

11:05:13.0415 2052 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

11:05:13.0415 2052 CompositeBus - ok

11:05:13.0430 2052 COMSysApp - ok

11:05:13.0446 2052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

11:05:13.0477 2052 crcdisk - ok

11:05:13.0508 2052 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

11:05:13.0539 2052 CryptSvc - ok

11:05:13.0586 2052 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:05:13.0649 2052 DcomLaunch - ok

11:05:13.0664 2052 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:05:13.0711 2052 defragsvc - ok

11:05:13.0742 2052 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:05:13.0789 2052 DfsC - ok

11:05:13.0836 2052 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:05:13.0867 2052 Dhcp - ok

11:05:13.0883 2052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:05:13.0914 2052 discache - ok

11:05:13.0961 2052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

11:05:13.0961 2052 Disk - ok

11:05:13.0992 2052 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:05:14.0023 2052 Dnscache - ok

11:05:14.0054 2052 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:05:14.0101 2052 dot3svc - ok

11:05:14.0117 2052 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:05:14.0148 2052 DPS - ok

11:05:14.0163 2052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:05:14.0179 2052 drmkaud - ok

11:05:14.0241 2052 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:05:14.0257 2052 DXGKrnl - ok

11:05:14.0273 2052 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:05:14.0319 2052 EapHost - ok

11:05:14.0491 2052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

11:05:14.0538 2052 ebdrv - ok

11:05:14.0616 2052 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:05:14.0631 2052 EFS - ok

11:05:14.0725 2052 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:05:14.0772 2052 ehRecvr - ok

11:05:14.0787 2052 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:05:14.0803 2052 ehSched - ok

11:05:14.0865 2052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

11:05:14.0897 2052 elxstor - ok

11:05:14.0912 2052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:05:14.0928 2052 ErrDev - ok

11:05:14.0975 2052 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:05:15.0006 2052 EventSystem - ok

11:05:15.0021 2052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:05:15.0053 2052 exfat - ok

11:05:15.0068 2052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:05:15.0099 2052 fastfat - ok

11:05:15.0162 2052 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:05:15.0209 2052 Fax - ok

11:05:15.0224 2052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

11:05:15.0255 2052 fdc - ok

11:05:15.0287 2052 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:05:15.0318 2052 fdPHost - ok

11:05:15.0333 2052 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:05:15.0365 2052 FDResPub - ok

11:05:15.0380 2052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:05:15.0380 2052 FileInfo - ok

11:05:15.0396 2052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:05:15.0443 2052 Filetrace - ok

11:05:15.0474 2052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

11:05:15.0489 2052 flpydisk - ok

11:05:15.0521 2052 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:05:15.0521 2052 FltMgr - ok

11:05:15.0630 2052 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:05:15.0692 2052 FontCache - ok

11:05:15.0755 2052 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:05:15.0770 2052 FontCache3.0.0.0 - ok

11:05:15.0817 2052 FPLService (71cdc1d7f58d5ec49ebc2e2332ad3fae) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

11:05:15.0833 2052 FPLService - ok

11:05:15.0911 2052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:05:15.0926 2052 FsDepends - ok

11:05:15.0942 2052 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:05:15.0957 2052 Fs_Rec - ok

11:05:15.0989 2052 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:05:16.0004 2052 fvevol - ok

11:05:16.0035 2052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

11:05:16.0035 2052 gagp30kx - ok

11:05:16.0082 2052 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

11:05:16.0098 2052 GamesAppService - ok

11:05:16.0113 2052 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:05:16.0129 2052 GEARAspiWDM - ok

11:05:16.0191 2052 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:05:16.0238 2052 gpsvc - ok

11:05:16.0254 2052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:05:16.0269 2052 hcw85cir - ok

11:05:16.0301 2052 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:05:16.0316 2052 HdAudAddService - ok

11:05:16.0347 2052 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

11:05:16.0363 2052 HDAudBus - ok

11:05:16.0363 2052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

11:05:16.0394 2052 HidBatt - ok

11:05:16.0410 2052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

11:05:16.0425 2052 HidBth - ok

11:05:16.0441 2052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

11:05:16.0457 2052 HidIr - ok

11:05:16.0488 2052 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

11:05:16.0503 2052 hidserv - ok

11:05:16.0535 2052 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:05:16.0550 2052 HidUsb - ok

11:05:16.0581 2052 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:05:16.0613 2052 hkmsvc - ok

11:05:16.0644 2052 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:05:16.0691 2052 HomeGroupListener - ok

11:05:16.0706 2052 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:05:16.0737 2052 HomeGroupProvider - ok

11:05:16.0815 2052 HP Support Assistant Service (531d1843c7a411f4e41ec6786f291e5f) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

11:05:16.0831 2052 HP Support Assistant Service - ok

11:05:16.0878 2052 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

11:05:16.0893 2052 HPClientSvc - ok

11:05:16.0925 2052 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

11:05:16.0940 2052 HPDrvMntSvc.exe - ok

11:05:17.0003 2052 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

11:05:17.0018 2052 hpqwmiex - ok

11:05:17.0127 2052 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:05:17.0143 2052 HpSAMD - ok

11:05:17.0408 2052 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Users\jk\AppData\Local\Temp\7zS2C9C\hpslpsvc64.dll

11:05:17.0455 2052 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

11:05:17.0455 2052 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

11:05:17.0611 2052 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:05:17.0642 2052 HTTP - ok

11:05:17.0658 2052 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:05:17.0658 2052 hwpolicy - ok

11:05:17.0689 2052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

11:05:17.0705 2052 i8042prt - ok

11:05:17.0736 2052 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys

11:05:17.0751 2052 iaStor - ok

11:05:17.0798 2052 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:05:17.0814 2052 iaStorV - ok

11:05:17.0861 2052 IDMWFP (5534e14ef27ebe8563cdbce6b88501a3) C:\Windows\system32\DRIVERS\idmwfp.sys

11:05:17.0876 2052 IDMWFP - ok

11:05:17.0954 2052 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:05:17.0970 2052 idsvc - ok

11:05:18.0500 2052 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys

11:05:18.0687 2052 igfx - ok

11:05:18.0781 2052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

11:05:18.0781 2052 iirsp - ok

11:05:18.0828 2052 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:05:18.0875 2052 IKEEXT - ok

11:05:18.0890 2052 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

11:05:18.0921 2052 Impcd - ok

11:05:19.0046 2052 IntcAzAudAddService (c7124da48e557d8f88d0d7f1254557f4) C:\Windows\system32\drivers\RTKVHD64.sys

11:05:19.0077 2052 IntcAzAudAddService - ok

11:05:19.0171 2052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:05:19.0187 2052 intelide - ok

11:05:19.0249 2052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

11:05:19.0265 2052 intelppm - ok

11:05:19.0327 2052 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:05:19.0358 2052 IPBusEnum - ok

11:05:19.0389 2052 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:05:19.0405 2052 IpFilterDriver - ok

11:05:19.0452 2052 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:05:19.0483 2052 IPMIDRV - ok

11:05:19.0499 2052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:05:19.0545 2052 IPNAT - ok

11:05:19.0717 2052 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

11:05:19.0748 2052 iPod Service - ok

11:05:19.0764 2052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:05:19.0779 2052 IRENUM - ok

11:05:19.0795 2052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:05:19.0795 2052 isapnp - ok

11:05:19.0826 2052 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:05:19.0826 2052 iScsiPrt - ok

11:05:19.0904 2052 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

11:05:19.0904 2052 jhi_service - ok

11:05:19.0935 2052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:05:19.0935 2052 kbdclass - ok

11:05:19.0951 2052 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

11:05:19.0982 2052 kbdhid - ok

11:05:19.0998 2052 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:05:20.0013 2052 KeyIso - ok

11:05:20.0045 2052 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

11:05:20.0045 2052 KSecDD - ok

11:05:20.0060 2052 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

11:05:20.0076 2052 KSecPkg - ok

11:05:20.0091 2052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:05:20.0123 2052 ksthunk - ok

11:05:20.0169 2052 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:05:20.0201 2052 KtmRm - ok

11:05:20.0232 2052 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

11:05:20.0263 2052 LanmanServer - ok

11:05:20.0279 2052 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:05:20.0310 2052 LanmanWorkstation - ok

11:05:20.0341 2052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:05:20.0372 2052 lltdio - ok

11:05:20.0419 2052 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:05:20.0450 2052 lltdsvc - ok

11:05:20.0513 2052 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:05:20.0528 2052 lmhosts - ok

11:05:20.0653 2052 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

11:05:20.0653 2052 LMS - ok

11:05:20.0731 2052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

11:05:20.0731 2052 LSI_FC - ok

11:05:20.0778 2052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

11:05:20.0778 2052 LSI_SAS - ok

11:05:20.0809 2052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

11:05:20.0809 2052 LSI_SAS2 - ok

11:05:20.0825 2052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

11:05:20.0840 2052 LSI_SCSI - ok

11:05:20.0856 2052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:05:20.0887 2052 luafv - ok

11:05:20.0949 2052 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys

11:05:20.0949 2052 LVRS64 - ok

11:05:21.0168 2052 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys

11:05:21.0246 2052 LVUVC64 - ok

11:05:21.0355 2052 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

11:05:21.0355 2052 MBAMProtector - ok

11:05:21.0433 2052 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

11:05:21.0449 2052 MBAMService - ok

11:05:21.0464 2052 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:05:21.0480 2052 Mcx2Svc - ok

11:05:21.0495 2052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

11:05:21.0495 2052 megasas - ok

11:05:21.0542 2052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

11:05:21.0542 2052 MegaSR - ok

11:05:21.0558 2052 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys

11:05:21.0573 2052 MEIx64 - ok

11:05:21.0573 2052 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:05:21.0605 2052 MMCSS - ok

11:05:21.0620 2052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:05:21.0651 2052 Modem - ok

11:05:21.0683 2052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:05:21.0698 2052 monitor - ok

11:05:21.0729 2052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:05:21.0745 2052 mouclass - ok

11:05:21.0761 2052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:05:21.0776 2052 mouhid - ok

11:05:21.0792 2052 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:05:21.0807 2052 mountmgr - ok

11:05:21.0870 2052 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

11:05:21.0885 2052 MozillaMaintenance - ok

11:05:21.0901 2052 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:05:21.0917 2052 mpio - ok

11:05:21.0917 2052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:05:21.0948 2052 mpsdrv - ok

11:05:21.0963 2052 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:05:21.0995 2052 MRxDAV - ok

11:05:22.0010 2052 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:05:22.0041 2052 mrxsmb - ok

11:05:22.0057 2052 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:05:22.0057 2052 mrxsmb10 - ok

11:05:22.0073 2052 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:05:22.0088 2052 mrxsmb20 - ok

11:05:22.0104 2052 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:05:22.0104 2052 msahci - ok

11:05:22.0135 2052 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:05:22.0151 2052 msdsm - ok

11:05:22.0166 2052 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:05:22.0182 2052 MSDTC - ok

11:05:22.0197 2052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:05:22.0229 2052 Msfs - ok

11:05:22.0244 2052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:05:22.0260 2052 mshidkmdf - ok

11:05:22.0275 2052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:05:22.0275 2052 msisadrv - ok

11:05:22.0307 2052 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:05:22.0338 2052 MSiSCSI - ok

11:05:22.0338 2052 msiserver - ok

11:05:22.0369 2052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:05:22.0400 2052 MSKSSRV - ok

11:05:22.0400 2052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:05:22.0431 2052 MSPCLOCK - ok

11:05:22.0447 2052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:05:22.0494 2052 MSPQM - ok

11:05:22.0525 2052 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:05:22.0525 2052 MsRPC - ok

11:05:22.0556 2052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:05:22.0556 2052 mssmbios - ok

11:05:22.0572 2052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:05:22.0619 2052 MSTEE - ok

11:05:22.0619 2052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

11:05:22.0634 2052 MTConfig - ok

11:05:22.0650 2052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:05:22.0665 2052 Mup - ok

11:05:22.0697 2052 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:05:22.0728 2052 napagent - ok

11:05:22.0775 2052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:05:22.0775 2052 NativeWifiP - ok

11:05:22.0837 2052 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:05:22.0853 2052 NDIS - ok

11:05:22.0868 2052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:05:22.0899 2052 NdisCap - ok

11:05:22.0931 2052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:05:22.0962 2052 NdisTapi - ok

11:05:22.0977 2052 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:05:22.0993 2052 Ndisuio - ok

11:05:23.0009 2052 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:05:23.0040 2052 NdisWan - ok

11:05:23.0071 2052 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:05:23.0102 2052 NDProxy - ok

11:05:23.0118 2052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:05:23.0149 2052 NetBIOS - ok

11:05:23.0180 2052 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:05:23.0211 2052 NetBT - ok

11:05:23.0258 2052 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:05:23.0258 2052 Netlogon - ok

11:05:23.0352 2052 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:05:23.0399 2052 Netman - ok

11:05:23.0445 2052 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:05:23.0461 2052 NetMsmqActivator - ok

11:05:23.0461 2052 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:05:23.0461 2052 NetPipeActivator - ok

11:05:23.0492 2052 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:05:23.0539 2052 netprofm - ok

11:05:23.0617 2052 netr28x (8b5d2d7cb0ef5b1967860b8ab742a46c) C:\Windows\system32\DRIVERS\netr28x.sys

11:05:23.0633 2052 netr28x - ok

11:05:23.0711 2052 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:05:23.0711 2052 NetTcpActivator - ok

11:05:23.0711 2052 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:05:23.0726 2052 NetTcpPortSharing - ok

11:05:23.0789 2052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

11:05:23.0789 2052 nfrd960 - ok

11:05:23.0835 2052 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:05:23.0867 2052 NlaSvc - ok

11:05:24.0023 2052 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

11:05:24.0069 2052 NOBU - ok

11:05:24.0132 2052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:05:24.0163 2052 Npfs - ok

11:05:24.0179 2052 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:05:24.0210 2052 nsi - ok

11:05:24.0225 2052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:05:24.0257 2052 nsiproxy - ok

11:05:24.0350 2052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:05:24.0366 2052 Ntfs - ok

11:05:24.0444 2052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:05:24.0475 2052 Null - ok

11:05:24.0506 2052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:05:24.0522 2052 nvraid - ok

11:05:24.0537 2052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:05:24.0553 2052 nvstor - ok

11:05:24.0584 2052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:05:24.0584 2052 nv_agp - ok

11:05:24.0600 2052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:05:24.0615 2052 ohci1394 - ok

11:05:24.0647 2052 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:05:24.0678 2052 p2pimsvc - ok

11:05:24.0693 2052 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:05:24.0709 2052 p2psvc - ok

11:05:24.0740 2052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

11:05:24.0740 2052 Parport - ok

11:05:24.0771 2052 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

11:05:24.0787 2052 partmgr - ok

11:05:24.0818 2052 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:05:24.0834 2052 PcaSvc - ok

11:05:24.0849 2052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:05:24.0865 2052 pci - ok

11:05:24.0881 2052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:05:24.0881 2052 pciide - ok

11:05:24.0912 2052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

11:05:24.0912 2052 pcmcia - ok

11:05:24.0928 2052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:05:24.0943 2052 pcw - ok

11:05:24.0974 2052 pdfcDispatcher - ok

11:05:25.0006 2052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:05:25.0037 2052 PEAUTH - ok

11:05:25.0115 2052 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:05:25.0130 2052 PerfHost - ok

11:05:25.0427 2052 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:05:25.0474 2052 pla - ok

11:05:25.0552 2052 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:05:25.0583 2052 PlugPlay - ok

11:05:25.0661 2052 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys

11:05:25.0676 2052 pmxdrv - ok

11:05:25.0723 2052 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:05:25.0770 2052 PNRPAutoReg - ok

11:05:25.0832 2052 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:05:25.0848 2052 PNRPsvc - ok

11:05:25.0926 2052 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:05:25.0988 2052 PolicyAgent - ok

11:05:26.0020 2052 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:05:26.0051 2052 Power - ok

11:05:26.0082 2052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:05:26.0129 2052 PptpMiniport - ok

11:05:26.0129 2052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

11:05:26.0144 2052 Processor - ok

11:05:26.0176 2052 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

11:05:26.0207 2052 ProfSvc - ok

11:05:26.0222 2052 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:05:26.0238 2052 ProtectedStorage - ok

11:05:26.0254 2052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:05:26.0285 2052 Psched - ok

11:05:26.0378 2052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

11:05:26.0394 2052 ql2300 - ok

11:05:26.0488 2052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

11:05:26.0503 2052 ql40xx - ok

11:05:26.0519 2052 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:05:26.0534 2052 QWAVE - ok

11:05:26.0534 2052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:05:26.0566 2052 QWAVEdrv - ok

11:05:26.0581 2052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:05:26.0628 2052 RasAcd - ok

11:05:26.0644 2052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:05:26.0659 2052 RasAgileVpn - ok

11:05:26.0675 2052 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:05:26.0706 2052 RasAuto - ok

11:05:26.0722 2052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:05:26.0753 2052 Rasl2tp - ok

11:05:26.0784 2052 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:05:26.0815 2052 RasMan - ok

11:05:26.0831 2052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:05:26.0862 2052 RasPppoe - ok

11:05:26.0878 2052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:05:26.0909 2052 RasSstp - ok

11:05:26.0924 2052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:05:26.0971 2052 rdbss - ok

11:05:26.0987 2052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

11:05:26.0987 2052 rdpbus - ok

11:05:27.0018 2052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:05:27.0049 2052 RDPCDD - ok

11:05:27.0049 2052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:05:27.0080 2052 RDPENCDD - ok

11:05:27.0096 2052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:05:27.0112 2052 RDPREFMP - ok

11:05:27.0143 2052 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

11:05:27.0190 2052 RDPWD - ok

11:05:27.0439 2052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:05:27.0455 2052 rdyboost - ok

11:05:27.0642 2052 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:05:27.0860 2052 RemoteAccess - ok

11:05:27.0938 2052 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:05:27.0970 2052 RemoteRegistry - ok

11:05:28.0079 2052 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

11:05:28.0079 2052 RoxioNow Service - ok

11:05:28.0110 2052 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:05:28.0141 2052 RpcEptMapper - ok

11:05:28.0172 2052 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:05:28.0172 2052 RpcLocator - ok

11:05:28.0204 2052 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:05:28.0235 2052 RpcSs - ok

11:05:28.0282 2052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:05:28.0297 2052 rspndr - ok

11:05:28.0344 2052 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:05:28.0344 2052 RTL8167 - ok

11:05:28.0375 2052 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:05:28.0375 2052 SamSs - ok

11:05:28.0391 2052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:05:28.0406 2052 sbp2port - ok

11:05:28.0438 2052 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:05:28.0453 2052 SCardSvr - ok

11:05:28.0469 2052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:05:28.0500 2052 scfilter - ok

11:05:28.0547 2052 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:05:28.0578 2052 Schedule - ok

11:05:28.0609 2052 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:05:28.0640 2052 SCPolicySvc - ok

11:05:28.0656 2052 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:05:28.0687 2052 SDRSVC - ok

11:05:28.0750 2052 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

11:05:28.0750 2052 SeaPort - ok

11:05:28.0796 2052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:05:28.0828 2052 secdrv - ok

11:05:28.0843 2052 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:05:28.0859 2052 seclogon - ok

11:05:28.0874 2052 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

11:05:28.0906 2052 SENS - ok

11:05:28.0937 2052 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:05:28.0952 2052 SensrSvc - ok

11:05:28.0968 2052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

11:05:28.0999 2052 Serenum - ok

11:05:29.0015 2052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

11:05:29.0015 2052 Serial - ok

11:05:29.0046 2052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

11:05:29.0062 2052 sermouse - ok

11:05:29.0077 2052 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:05:29.0108 2052 SessionEnv - ok

11:05:29.0140 2052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:05:29.0140 2052 sffdisk - ok

11:05:29.0155 2052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:05:29.0171 2052 sffp_mmc - ok

11:05:29.0218 2052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:05:29.0233 2052 sffp_sd - ok

11:05:29.0374 2052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

11:05:29.0452 2052 sfloppy - ok

11:05:29.0608 2052 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:05:29.0701 2052 ShellHWDetection - ok

11:05:29.0888 2052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

11:05:29.0888 2052 SiSRaid2 - ok

11:05:29.0951 2052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

11:05:29.0966 2052 SiSRaid4 - ok

11:05:30.0169 2052 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe

11:05:30.0185 2052 SkypeUpdate - ok

11:05:30.0622 2052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:05:30.0715 2052 Smb - ok

11:05:31.0121 2052 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:05:31.0370 2052 SNMPTRAP - ok

11:05:31.0464 2052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:05:31.0464 2052 spldr - ok

11:05:31.0698 2052 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:05:31.0745 2052 Spooler - ok

11:05:32.0431 2052 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:05:32.0478 2052 sppsvc - ok

11:05:32.0837 2052 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:05:32.0899 2052 sppuinotify - ok

11:05:33.0274 2052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:05:33.0352 2052 srv - ok

11:05:33.0430 2052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:05:33.0461 2052 srv2 - ok

11:05:33.0476 2052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:05:33.0492 2052 srvnet - ok

11:05:33.0554 2052 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:05:33.0617 2052 SSDPSRV - ok

11:05:33.0648 2052 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:05:33.0664 2052 SstpSvc - ok

11:05:33.0742 2052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

11:05:33.0773 2052 stexstor - ok

11:05:33.0851 2052 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:05:33.0882 2052 stisvc - ok

11:05:33.0944 2052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:05:33.0960 2052 swenum - ok

11:05:34.0038 2052 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:05:34.0116 2052 swprv - ok

11:05:34.0303 2052 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:05:34.0381 2052 SysMain - ok

11:05:34.0444 2052 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:05:34.0475 2052 TabletInputService - ok

11:05:34.0506 2052 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:05:34.0537 2052 TapiSrv - ok

11:05:34.0568 2052 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:05:34.0600 2052 TBS - ok

11:05:34.0787 2052 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

11:05:34.0818 2052 Tcpip - ok

11:05:34.0958 2052 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

11:05:34.0974 2052 TCPIP6 - ok

11:05:35.0036 2052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:05:35.0083 2052 tcpipreg - ok

11:05:35.0083 2052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:05:35.0114 2052 TDPIPE - ok

11:05:35.0146 2052 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:05:35.0161 2052 TDTCP - ok

11:05:35.0192 2052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:05:35.0208 2052 tdx - ok

11:05:35.0270 2052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:05:35.0286 2052 TermDD - ok

11:05:35.0333 2052 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:05:35.0380 2052 TermService - ok

11:05:35.0411 2052 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:05:35.0426 2052 Themes - ok

11:05:35.0489 2052 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:05:35.0520 2052 THREADORDER - ok

11:05:35.0598 2052 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:05:35.0645 2052 TrkWks - ok

11:05:35.0738 2052 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:05:35.0785 2052 TrustedInstaller - ok

11:05:35.0848 2052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:05:35.0926 2052 tssecsrv - ok

11:05:35.0972 2052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:05:35.0988 2052 TsUsbFlt - ok

11:05:36.0019 2052 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

11:05:36.0035 2052 TsUsbGD - ok

11:05:36.0066 2052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:05:36.0113 2052 tunnel - ok

11:05:36.0128 2052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

11:05:36.0144 2052 uagp35 - ok

11:05:36.0175 2052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:05:36.0206 2052 udfs - ok

11:05:36.0238 2052 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:05:36.0253 2052 UI0Detect - ok

11:05:36.0269 2052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:05:36.0284 2052 uliagpkx - ok

11:05:36.0316 2052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:05:36.0331 2052 umbus - ok

11:05:36.0362 2052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:05:36.0378 2052 UmPass - ok

11:05:36.0565 2052 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

11:05:36.0565 2052 UMVPFSrv - ok

11:05:37.0064 2052 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

11:05:37.0096 2052 UNS - ok

11:05:37.0267 2052 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:05:37.0345 2052 upnphost - ok

11:05:37.0376 2052 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

11:05:37.0408 2052 USBAAPL64 - ok

11:05:37.0439 2052 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

11:05:37.0470 2052 usbaudio - ok

11:05:37.0501 2052 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:05:37.0517 2052 usbccgp - ok

11:05:37.0548 2052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:05:37.0564 2052 usbcir - ok

11:05:37.0579 2052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:05:37.0579 2052 usbehci - ok

11:05:37.0610 2052 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:05:37.0642 2052 usbhub - ok

11:05:37.0657 2052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:05:37.0673 2052 usbohci - ok

11:05:37.0704 2052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:05:37.0735 2052 usbprint - ok

11:05:37.0798 2052 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:05:37.0813 2052 usbscan - ok

11:05:37.0829 2052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:05:37.0860 2052 USBSTOR - ok

11:05:37.0860 2052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:05:37.0876 2052 usbuhci - ok

11:05:37.0907 2052 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:05:37.0938 2052 UxSms - ok

11:05:37.0969 2052 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:05:37.0969 2052 VaultSvc - ok

11:05:38.0016 2052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:05:38.0016 2052 vdrvroot - ok

11:05:38.0047 2052 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:05:38.0094 2052 vds - ok

11:05:38.0125 2052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:05:38.0141 2052 vga - ok

11:05:38.0156 2052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:05:38.0203 2052 VgaSave - ok

11:05:38.0219 2052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:05:38.0234 2052 vhdmp - ok

11:05:38.0266 2052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:05:38.0266 2052 viaide - ok

11:05:38.0281 2052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:05:38.0297 2052 volmgr - ok

11:05:38.0312 2052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:05:38.0328 2052 volmgrx - ok

11:05:38.0359 2052 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys

11:05:38.0375 2052 volsnap - ok

11:05:38.0390 2052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

11:05:38.0406 2052 vsmraid - ok

11:05:38.0500 2052 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:05:38.0531 2052 VSS - ok

11:05:38.0624 2052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:05:38.0640 2052 vwifibus - ok

11:05:38.0656 2052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:05:38.0671 2052 vwififlt - ok

11:05:38.0718 2052 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:05:38.0765 2052 W32Time - ok

11:05:38.0796 2052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

11:05:38.0827 2052 WacomPen - ok

11:05:38.0858 2052 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:05:38.0905 2052 WANARP - ok

11:05:38.0905 2052 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:05:38.0921 2052 Wanarpv6 - ok

11:05:39.0014 2052 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:05:39.0061 2052 WatAdminSvc - ok

11:05:39.0139 2052 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:05:39.0311 2052 wbengine - ok

11:05:39.0389 2052 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:05:39.0404 2052 WbioSrvc - ok

11:05:39.0436 2052 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:05:39.0467 2052 wcncsvc - ok

11:05:39.0482 2052 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:05:39.0498 2052 WcsPlugInService - ok

11:05:39.0529 2052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

11:05:39.0545 2052 Wd - ok

11:05:39.0592 2052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:05:39.0623 2052 Wdf01000 - ok

11:05:39.0638 2052 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:05:39.0685 2052 WdiServiceHost - ok

11:05:39.0685 2052 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:05:39.0701 2052 WdiSystemHost - ok

11:05:39.0716 2052 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:05:39.0748 2052 WebClient - ok

11:05:39.0779 2052 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:05:39.0810 2052 Wecsvc - ok

11:05:39.0826 2052 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:05:39.0857 2052 wercplsupport - ok

11:05:39.0872 2052 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:05:39.0904 2052 WerSvc - ok

11:05:39.0935 2052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:05:39.0966 2052 WfpLwf - ok

11:05:39.0982 2052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:05:39.0982 2052 WIMMount - ok

11:05:39.0982 2052 WinHttpAutoProxySvc - ok

11:05:40.0044 2052 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:05:40.0075 2052 Winmgmt - ok

11:05:40.0200 2052 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:05:40.0262 2052 WinRM - ok

11:05:40.0387 2052 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:05:40.0418 2052 WinUsb - ok

11:05:40.0496 2052 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:05:40.0528 2052 Wlansvc - ok

11:05:40.0574 2052 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

11:05:40.0574 2052 wlcrasvc - ok

11:05:40.0793 2052 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:05:40.0840 2052 wlidsvc - ok

11:05:41.0011 2052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:05:41.0027 2052 WmiAcpi - ok

11:05:41.0089 2052 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:05:41.0120 2052 wmiApSrv - ok

11:05:41.0152 2052 WMPNetworkSvc - ok

11:05:41.0198 2052 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:05:41.0339 2052 WPCSvc - ok

11:05:41.0417 2052 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:05:41.0432 2052 WPDBusEnum - ok

11:05:41.0448 2052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:05:41.0479 2052 ws2ifsl - ok

11:05:41.0495 2052 WSearch - ok

11:05:41.0635 2052 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

11:05:41.0682 2052 wuauserv - ok

11:05:41.0776 2052 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:05:41.0807 2052 WudfPf - ok

11:05:41.0822 2052 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:05:41.0869 2052 WUDFRd - ok

11:05:41.0885 2052 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:05:41.0916 2052 wudfsvc - ok

11:05:41.0932 2052 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:05:41.0947 2052 WwanSvc - ok

11:05:41.0978 2052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:05:42.0259 2052 \Device\Harddisk0\DR0 - ok

11:05:42.0259 2052 Boot (0x1200) (fa8d80a531131c449e22fda608531982) \Device\Harddisk0\DR0\Partition0

11:05:42.0259 2052 \Device\Harddisk0\DR0\Partition0 - ok

11:05:42.0290 2052 Boot (0x1200) (52e3616b50d280c6b230c8b86db1cdb2) \Device\Harddisk0\DR0\Partition1

11:05:42.0290 2052 \Device\Harddisk0\DR0\Partition1 - ok

11:05:42.0337 2052 Boot (0x1200) (ba6015a06b397afafd4fe952608a6b55) \Device\Harddisk0\DR0\Partition2

11:05:42.0337 2052 \Device\Harddisk0\DR0\Partition2 - ok

11:05:42.0337 2052 ============================================================

11:05:42.0337 2052 Scan finished

11:05:42.0337 2052 ============================================================

11:05:42.0353 3256 Detected object count: 1

11:05:42.0353 3256 Actual detected object count: 1

11:06:09.0076 3256 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

11:06:09.0076 3256 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:06:58.0699 2600 Deinitialize success

Link to post
Share on other sites

That scan was clean, one more big one to run......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Im on my laptop writing this but before I post the log report, the infected Pc I tried opening firefox and got an error....

"c:/program files (x86)/mozilla firefox/ firefox.exe" "illegal opperation attempted on a registry key that has been marked for deletion", then another window asked "cant open this item" it might have been moved, renamed, or deleted. Do you want to remove this item. What do I do?

ComboFix 12-07-21.01 - jk 07/21/2012 12:23:27.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4238 [GMT -7:00]

Running from: c:\users\jk\Downloads\Programs\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\jk\AppData\Local\Temp\7zS2C9C\HPSLPSVC64.DLL

c:\users\jk\AppData\Roaming\Propellerhead Software\ReCycle

c:\users\jk\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf

c:\users\jk\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle220.dat

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_HPSLPSVC

.

.

((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))

.

.

2012-07-21 19:26 . 2012-07-21 19:26 -------- d-----w- c:\users\Mcx1-JK-HP\AppData\Local\temp

2012-07-21 19:26 . 2012-07-21 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-21 03:37 . 2012-07-21 03:37 -------- d-----w- C:\FRST

2012-07-20 22:20 . 2012-07-20 23:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-20 22:12 . 2012-07-20 22:12 -------- d-----w- c:\users\jk\AppData\Roaming\RedDotGames

2012-07-20 22:10 . 2009-09-05 00:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll

2012-07-20 21:56 . 2012-07-20 21:56 -------- d-----w- c:\program files (x86)\DVD Decrypter

2012-07-20 19:32 . 2012-07-20 21:52 -------- d-----w- c:\users\jk\AppData\Roaming\mIRC

2012-07-20 19:32 . 2012-07-20 19:32 -------- d-----w- c:\program files (x86)\mIRC

2012-07-12 23:01 . 2012-07-12 23:01 -------- d-----w- c:\users\jk\AppData\Local\MicrosoftStore

2012-07-12 22:46 . 2012-07-12 22:46 237 ----a-w- C:\user.js

2012-07-12 19:59 . 2012-07-12 19:59 -------- d-----w- c:\users\jk\AppData\Local\FANiSO

2012-07-11 05:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 22:37 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-27 21:01 . 2012-06-27 21:01 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-27 21:00 . 2012-06-27 21:00 -------- d-----w- c:\program files (x86)\Oracle

2012-06-27 21:00 . 2012-05-05 02:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-06-27 20:59 . 2012-06-27 20:59 -------- d-----w- c:\programdata\McAfee

2012-06-27 20:54 . 2012-06-27 21:36 -------- d-----w- c:\users\jk\AppData\Roaming\.minecraft

2012-06-25 04:29 . 2012-06-25 04:29 -------- d-----w- c:\program files\Propellerhead

2012-06-25 04:20 . 2012-06-25 04:20 -------- d-----w- c:\windows\en

2012-06-25 04:17 . 2012-06-25 04:17 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7d5426951cd528903\DSETUP.dll

2012-06-25 04:17 . 2012-06-25 04:17 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7d5426951cd528903\DXSETUP.exe

2012-06-25 04:17 . 2012-06-25 04:17 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7d5426951cd528903\dsetup32.dll

2012-06-25 04:17 . 2012-06-25 04:17 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7d9109691cd528904\MeshBetaRemover.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-16 18:53 . 2012-04-02 17:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-16 18:53 . 2011-08-13 03:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 05:55 . 2012-01-03 18:59 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 20:46 . 2012-05-11 00:27 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-21 19:18 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 19:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 19:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 19:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 19:18 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-21 19:18 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 19:19 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 19:18 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-21 19:18 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-05-05 02:29 . 2011-12-19 03:26 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06 . 2012-06-13 19:22 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 19:22 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 19:22 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-13 19:22 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-30 21:47 . 2012-04-30 21:47 191264 ----a-w- c:\windows\system32\javaws.exe

2012-04-30 21:47 . 2012-04-30 21:47 172320 ----a-w- c:\windows\system32\javaw.exe

2012-04-30 21:47 . 2012-04-30 21:47 172320 ----a-w- c:\windows\system32\java.exe

2012-04-30 21:47 . 2011-12-17 22:48 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-28 03:55 . 2012-06-13 19:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 19:22 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 19:22 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 19:22 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-13 19:22 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-13 19:22 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-13 19:22 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-13 19:22 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 19:22 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-13 19:22 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-02-28 3474840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-08-13 31152]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221318694-525691764-1706660316-1001Core.job

- c:\users\jk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:08]

.

2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221318694-525691764-1706660316-1001UA.job

- c:\users\jk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:08]

.

2012-07-16 c:\windows\Tasks\HPCeeScheduleForjk.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"combofix"="c:\combofix\CF85.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\jk\AppData\Roaming\Mozilla\Firefox\Profiles\dm4gl0fx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111787

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 1091fab2000000000000d0df9a7f5762

FF - user.js: extensions.BabylonToolbar_i.hardId - 1091fab2000000000000d0df9a7f5762

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:46

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{34681D92-5958-406A-A654-1B57E7A7B3DC} - c:\program files (x86)\InstallShield Installation Information\{34681D92-5958-406A-A654-1B57E7A7B3DC}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-221318694-525691764-1706660316-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):d3,3d,89,7c,db,c5,71,e8,73,47,b8,b8,59,ba,c3,67,18,e2,ca,f4,44,

18,1c,99,60,f6,08,4b,52,1d,78,7d,e9,9b,ae,cc,50,2a,65,b0,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-221318694-525691764-1706660316-1001_Classes\Wow6432Node\CLSID\{7efc96ed-aa46-4e9d-a2a5-9e04fc4742d4}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000052

"Therad"=dword:0000001d

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-07-21 12:31:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-21 19:31

.

Pre-Run: 814,427,643,904 bytes free

Post-Run: 814,855,725,056 bytes free

.

- - End Of File - - 88D50A38FC4D0E6B74A3C0115DE3DACC

Link to post
Share on other sites

CPU seems fine now. No more re-direct sites, AVG is not popping up with a threat detected. There is one thing Im having a problem with and thats adobe flash player....I know thats off the subject but its been crashing alot the past few weeks. Any recomendations on how to fix it? It looks something like this "adobe flash player 11.3 r300 crashed" Well heres the log report....

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

jk :: JK-HP [administrator]

Protection: Enabled

7/21/2012 1:14:29 PM

mbam-log-2012-07-21 (13-14-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211487

Time elapsed: 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

For "adobe flash player crashes", just Google it > you'll get lots of hits.

See if any help.

------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.