Jump to content

FBI Moneypak Infection


Recommended Posts

Hi All,

First off, massive thanks to all the help you guys give to everyone. You're so generous with your time.

I've been infected with this moneypak virus and have been following insturctions from former threads on here about how to proceed. I've followed the rules to do the farbar recover scan and have both logs attached. Would someone mind taking a look at them?

I appreciate any help in this manner.

Thanks guys!

FRST.txt

Search.txt

Link to post
Share on other sites

  • Staff

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

    [*]Please do not attach logs or use code boxes, just copy and paste the text.

    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

    [*]Please read every post completely before doing anything.

    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

    [*]Please provide feedback about your experience as we go.

    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt


HKLM-x32\...\Run: [st5rhuy54u45hy] C:\Users\Colin\AppData\Roaming\5w4yher54uyhw4.exe [266752 2012-11-13] ()
HKU\Colin\...\Run: [4e5ayhare4yh] C:\Users\Colin\AppData\Local\e54yher4h6j.exe [266752 2012-11-13] ()
HKU\Colin\...\Run: [st5rhuy54u45hy] C:\Users\Colin\AppData\Roaming\5w4yher54uyhw4.exe [266752 2012-11-13] ()
HKU\Colin\...\Policies\system: [DisableTaskMgr] 1
HKU\Colin\...\Policies\system: [DisableRegistryTools] 1
HKU\Colin\...\Policies\Explorer: [NoDesktop] 1
HKU\Colin\...\Winlogon: [Shell] C:\Users\Colin\AppData\Roaming\5w4yher54uyhw4.exe [266752 2012-11-13] ()
HKLM-x32\...\Winlogon: [Shell] C:\Users\Colin\AppData\Roaming\5w4yher54uyhw4.exe [x ] ()
2012-11-13 23:51 - 2012-11-13 23:51 - 00266752 ____A C:\Users\Colin\AppData\Roaming\5w4yher54uyhw4.exe
2012-11-13 23:51 - 2012-11-13 23:51 - 00266752 ____A C:\Users\Colin\AppData\Local\e54yher4h6j.exe
2012-11-13 23:51 - 2012-11-13 23:51 - 00266752 ____A C:\Users\Colin\0.4475846889831203.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

Link to post
Share on other sites

Thanks for the Quick reply Gringo!

Here is the new log. (Should I attach or post within?)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012

Ran by SYSTEM at 2012-11-14 11:57:25 Run:1

Running from F:\

==============================================

HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\st5rhuy54u45hy Value deleted successfully.

HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Run\\4e5ayhare4yh Value deleted successfully.

HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Run\\st5rhuy54u45hy Value deleted successfully.

HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.

HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools Value deleted successfully.

HKEY_USERS\Colin\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop Value deleted successfully.

HKEY_USERS\Colin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .

C:\Users\Colin\AppData\Roaming\5w4yher54uyhw4.exe moved successfully.

C:\Users\Colin\AppData\Local\e54yher4h6j.exe moved successfully.

C:\Users\Colin\0.4475846889831203.exe moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

  • Staff

Hello

what you did is exactly what i want

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-AdwCleaner-

  • Please download
AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo

Link to post
Share on other sites

(The only problem that still seems to linger is that my desktop is cleared(none of my icons are showing), though they appear when I look at my desktop via "my computer")

Here are the following logs :

AdwCleaner:

# AdwCleaner v2.007 - Logfile created 11/14/2012 at 13:01:42

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Colin - COLIN-PC

# Boot Mode : Normal

# Running from : C:\Users\Colin\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.5

File : C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [968 octets] - [14/11/2012 13:01:42]

########## EOF - C:\AdwCleaner[R1].txt - [1027 octets] ##########

RoqueKiller

RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Colin [Admin rights]

Mode : Scan -- Date : 11/14/2012 13:14:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSYN +++++

--- User ---

[MBR] 0018d84e6d0ad010607cf906b3f776ce

[bSP] 326bb918791288cbccf9237383fef04b : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13568 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27869184 | Size: 463328 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: JMCR SD SCSI Disk Device +++++

--- User ---

[MBR] e0501857cb431ed4c44550f9c6dc1115

[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3826 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_11142012_02d1314.txt >>

RKreport[1]_S_11142012_02d1314.txt

COMBOFIX

ComboFix 12-11-14.01 - Colin 11/14/2012 13:22:19.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6300 [GMT -6:00]

Running from: c:\users\Colin\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\Colin\AppData\Roaming\Roaming

c:\users\Colin\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#araschel.com\settings.sol

c:\users\Colin\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

.

.

((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))

.

.

2012-11-14 19:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 19:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 19:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 19:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 18:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 18:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 18:59 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 18:59 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 18:59 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 18:59 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 18:59 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-13 17:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B30A96DB-D421-4C4D-94F4-46297AE05BBF}\mpengine.dll

2012-11-12 14:07 . 2012-11-12 14:07 -------- d-----w- c:\users\Colin\Savages UNRATED (2012)

2012-11-12 13:07 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-11 13:09 . 2012-11-11 15:33 -------- d-----w- c:\users\Colin\Workingmans.Death.2005.PAL.DVDR

2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\Colin\Putty Hill 2010.DVDRip.XviD-playXD

2012-11-05 18:33 . 2012-11-05 18:33 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-10-29 23:57 . 2012-10-29 23:57 -------- d-----w- c:\users\Colin\The Interrupters 2011 720p BRRip x264 AC3-26K

2012-10-20 19:48 . 2012-09-25 22:26 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03A34273-37BF-4FB0-BCC5-340C9983291A}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-14 19:00 . 2012-02-26 00:13 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 18:06 . 2012-10-08 15:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 18:06 . 2012-02-23 22:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-30 17:02 . 2012-09-30 17:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-30 17:02 . 2012-09-30 17:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-30 17:02 . 2012-02-23 23:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-25 22:26 . 2012-06-12 16:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-14 19:19 . 2012-10-10 14:48 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 14:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 14:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 19:14 . 2012-10-01 15:33 9066344 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-30 19:14 . 2012-10-01 15:33 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-08-30 19:14 . 2012-10-01 15:33 7397736 ----a-w- c:\windows\system32\nvopencl.dll

2012-08-30 19:14 . 2012-10-01 15:33 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-08-30 19:14 . 2012-10-01 15:33 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2012-08-30 19:14 . 2012-10-01 15:33 284008 ----a-w- c:\windows\system32\drivers\nvkflt.sys

2012-08-30 19:14 . 2012-10-01 15:33 2745192 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-30 19:14 . 2012-10-01 15:33 26228072 ----a-w- c:\windows\system32\nvoglv64.dll

2012-08-30 19:14 . 2012-10-01 15:33 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-08-30 19:14 . 2012-10-01 15:33 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-30 19:14 . 2012-10-01 15:33 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-30 19:14 . 2012-10-01 15:33 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-08-30 19:14 . 2012-10-01 15:33 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-08-30 19:14 . 2012-10-01 15:33 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-08-30 19:14 . 2012-10-01 15:33 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-08-30 19:14 . 2012-10-01 15:33 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-08-30 19:14 . 2012-10-01 15:33 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-08-30 19:14 . 2012-10-01 15:33 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-08-30 19:14 . 2012-10-01 15:33 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-30 19:14 . 2012-10-01 15:33 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-08-30 19:14 . 2012-02-22 16:10 971624 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-08-30 19:14 . 2012-02-22 16:10 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-08-30 19:14 . 2012-02-22 16:10 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-08-30 19:14 . 2012-02-22 16:10 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-08-30 19:14 . 2012-02-22 16:10 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-08-30 19:14 . 2012-02-22 16:10 2725224 ----a-w- c:\windows\system32\nvapi64.dll

2012-08-30 19:14 . 2012-02-22 16:10 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-08-30 18:03 . 2012-10-10 14:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 14:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 14:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 16:18 . 2011-10-17 09:19 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-08-30 16:18 . 2011-10-17 06:19 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-30 16:18 . 2011-10-17 06:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-30 16:18 . 2011-10-17 06:19 865640 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-08-30 16:18 . 2011-10-17 06:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-08-30 16:18 . 2011-10-17 09:19 3487434 ----a-w- c:\windows\system32\nvcoproc.bin

2012-08-30 16:18 . 2011-10-17 06:19 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-08-30 16:18 . 2011-10-17 06:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll

2012-08-30 16:17 . 2011-10-17 06:19 6198120 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-08-24 18:05 . 2012-10-10 14:48 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 14:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-12 18:57 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 18:57 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 18:57 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 22:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 18:48 . 2012-10-10 14:48 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 14:48 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 14:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 14:48 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 14:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 14:48 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 14:48 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 14:48 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 14:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 14:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 14:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 14:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 14:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-18 963984]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]

"D3DOverrider"="c:\d3doverrider\D3DOverriderWrapper.exe" [2009-08-23 40960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

.

c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-24 283200]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 18:06]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001Core.job

- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001UA.job

- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.dell.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-14 13:29:19

ComboFix-quarantined-files.txt 2012-11-14 19:29

ComboFix2.txt 2011-10-03 20:22

.

Pre-Run: 30,805,630,976 bytes free

Post-Run: 31,081,816,064 bytes free

.

- - End Of File - - EEDE71495665255F1225EBB1EEA6EABA

Link to post
Share on other sites

TDS KILLER

13:32:31.0359 2604 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

13:32:31.0780 2604 ============================================================

13:32:31.0780 2604 Current date / time: 2012/11/14 13:32:31.0780

13:32:31.0780 2604 SystemInfo:

13:32:31.0780 2604

13:32:31.0780 2604 OS Version: 6.1.7601 ServicePack: 1.0

13:32:31.0780 2604 Product type: Workstation

13:32:31.0780 2604 ComputerName: COLIN-PC

13:32:31.0780 2604 UserName: Colin

13:32:31.0796 2604 Windows directory: C:\Windows

13:32:31.0796 2604 System windows directory: C:\Windows

13:32:31.0796 2604 Running under WOW64

13:32:31.0796 2604 Processor architecture: Intel x64

13:32:31.0796 2604 Number of processors: 8

13:32:31.0796 2604 Page size: 0x1000

13:32:31.0796 2604 Boot type: Normal boot

13:32:31.0796 2604 ============================================================

13:32:32.0443 2604 Drive \Device\Harddisk1\DR1 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048

13:32:32.0460 2604 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:32:32.0469 2604 Drive \Device\Harddisk1\DR1 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:32:32.0472 2604 ============================================================

13:32:32.0472 2604 \Device\Harddisk1\DR1:

13:32:32.0473 2604 MBR partitions:

13:32:32.0473 2604 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x779000

13:32:32.0473 2604 \Device\Harddisk0\DR0:

13:32:32.0473 2604 MBR partitions:

13:32:32.0473 2604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A80000

13:32:32.0473 2604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A94000, BlocksNum 0x388F0000

13:32:32.0473 2604 \Device\Harddisk1\DR1:

13:32:32.0473 2604 MBR partitions:

13:32:32.0473 2604 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x779000

13:32:32.0473 2604 ============================================================

13:32:32.0517 2604 C: <-> \Device\Harddisk0\DR0\Partition2

13:32:32.0517 2604 ============================================================

13:32:32.0517 2604 Initialize success

13:32:32.0518 2604 ============================================================

13:32:38.0375 3252 ============================================================

13:32:38.0375 3252 Scan started

13:32:38.0375 3252 Mode: Manual;

13:32:38.0375 3252 ============================================================

13:32:38.0854 3252 ================ Scan system memory ========================

13:32:38.0854 3252 System memory - ok

13:32:38.0854 3252 ================ Scan services =============================

13:32:38.0994 3252 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

13:32:39.0010 3252 !SASCORE - ok

13:32:39.0259 3252 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

13:32:39.0259 3252 1394ohci - ok

13:32:39.0306 3252 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

13:32:39.0306 3252 ACPI - ok

13:32:39.0337 3252 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

13:32:39.0337 3252 AcpiPmi - ok

13:32:39.0452 3252 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:32:39.0490 3252 AdobeARMservice - ok

13:32:39.0707 3252 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:32:39.0714 3252 AdobeFlashPlayerUpdateSvc - ok

13:32:39.0763 3252 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

13:32:39.0779 3252 adp94xx - ok

13:32:39.0826 3252 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

13:32:39.0841 3252 adpahci - ok

13:32:39.0872 3252 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

13:32:39.0872 3252 adpu320 - ok

13:32:39.0919 3252 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

13:32:39.0919 3252 AeLookupSvc - ok

13:32:39.0982 3252 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

13:32:39.0982 3252 AERTFilters - ok

13:32:40.0060 3252 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

13:32:40.0075 3252 AFD - ok

13:32:40.0106 3252 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

13:32:40.0106 3252 agp440 - ok

13:32:40.0138 3252 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

13:32:40.0153 3252 ALG - ok

13:32:40.0169 3252 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

13:32:40.0169 3252 aliide - ok

13:32:40.0200 3252 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

13:32:40.0200 3252 amdide - ok

13:32:40.0231 3252 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

13:32:40.0231 3252 AmdK8 - ok

13:32:40.0262 3252 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

13:32:40.0262 3252 AmdPPM - ok

13:32:40.0278 3252 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

13:32:40.0294 3252 amdsata - ok

13:32:40.0325 3252 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

13:32:40.0340 3252 amdsbs - ok

13:32:40.0356 3252 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

13:32:40.0356 3252 amdxata - ok

13:32:40.0418 3252 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys

13:32:40.0418 3252 AMPPAL - ok

13:32:40.0450 3252 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys

13:32:40.0465 3252 AMPPALP - ok

13:32:40.0528 3252 [ 2CC0CBF2707BE4D5B6CE6B87D9DA2F97 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

13:32:40.0543 3252 AMPPALR3 - ok

13:32:40.0590 3252 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

13:32:40.0590 3252 AppID - ok

13:32:40.0637 3252 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

13:32:40.0637 3252 AppIDSvc - ok

13:32:40.0652 3252 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

13:32:40.0652 3252 Appinfo - ok

13:32:40.0715 3252 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

13:32:40.0715 3252 arc - ok

13:32:40.0746 3252 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

13:32:40.0746 3252 arcsas - ok

13:32:40.0840 3252 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

13:32:40.0871 3252 aspnet_state - ok

13:32:40.0902 3252 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

13:32:40.0902 3252 AsyncMac - ok

13:32:40.0949 3252 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

13:32:40.0949 3252 atapi - ok

13:32:40.0996 3252 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

13:32:41.0011 3252 AudioEndpointBuilder - ok

13:32:41.0027 3252 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

13:32:41.0027 3252 AudioSrv - ok

13:32:41.0058 3252 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

13:32:41.0058 3252 AxInstSV - ok

13:32:41.0089 3252 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

13:32:41.0105 3252 b06bdrv - ok

13:32:41.0136 3252 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

13:32:41.0136 3252 b57nd60a - ok

13:32:41.0167 3252 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

13:32:41.0167 3252 BDESVC - ok

13:32:41.0183 3252 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

13:32:41.0183 3252 Beep - ok

13:32:41.0230 3252 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

13:32:41.0245 3252 BFE - ok

13:32:41.0292 3252 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

13:32:41.0308 3252 BITS - ok

13:32:41.0339 3252 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

13:32:41.0339 3252 blbdrive - ok

13:32:41.0386 3252 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

13:32:41.0401 3252 bowser - ok

13:32:41.0432 3252 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

13:32:41.0432 3252 BrFiltLo - ok

13:32:41.0448 3252 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

13:32:41.0448 3252 BrFiltUp - ok

13:32:41.0504 3252 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

13:32:41.0508 3252 BridgeMP - ok

13:32:41.0567 3252 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

13:32:41.0571 3252 Browser - ok

13:32:41.0596 3252 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

13:32:41.0604 3252 Brserid - ok

13:32:41.0641 3252 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

13:32:41.0644 3252 BrSerWdm - ok

13:32:41.0662 3252 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

13:32:41.0664 3252 BrUsbMdm - ok

13:32:41.0671 3252 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

13:32:41.0674 3252 BrUsbSer - ok

13:32:41.0699 3252 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

13:32:41.0702 3252 BTHMODEM - ok

13:32:41.0740 3252 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

13:32:41.0740 3252 bthserv - ok

13:32:41.0755 3252 [ D6CEEC2F878149E4DB9FE93FA5D8FE60 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

13:32:41.0771 3252 BTHSSecurityMgr - ok

13:32:41.0802 3252 catchme - ok

13:32:41.0833 3252 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

13:32:41.0833 3252 cdfs - ok

13:32:41.0880 3252 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

13:32:41.0880 3252 cdrom - ok

13:32:41.0911 3252 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

13:32:41.0927 3252 CertPropSvc - ok

13:32:41.0943 3252 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

13:32:41.0943 3252 circlass - ok

13:32:41.0974 3252 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

13:32:41.0989 3252 CLFS - ok

13:32:42.0052 3252 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:32:42.0052 3252 clr_optimization_v2.0.50727_32 - ok

13:32:42.0099 3252 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:32:42.0099 3252 clr_optimization_v2.0.50727_64 - ok

13:32:42.0177 3252 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:32:42.0255 3252 clr_optimization_v4.0.30319_32 - ok

13:32:42.0255 3252 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:32:42.0270 3252 clr_optimization_v4.0.30319_64 - ok

13:32:42.0301 3252 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

13:32:42.0301 3252 CmBatt - ok

13:32:42.0317 3252 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

13:32:42.0317 3252 cmdide - ok

13:32:42.0379 3252 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

13:32:42.0379 3252 CNG - ok

13:32:42.0426 3252 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

13:32:42.0426 3252 Compbatt - ok

13:32:42.0442 3252 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

13:32:42.0442 3252 CompositeBus - ok

13:32:42.0457 3252 COMSysApp - ok

13:32:42.0489 3252 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

13:32:42.0489 3252 crcdisk - ok

13:32:42.0535 3252 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

13:32:42.0551 3252 CryptSvc - ok

13:32:42.0582 3252 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

13:32:42.0598 3252 DcomLaunch - ok

13:32:42.0629 3252 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

13:32:42.0645 3252 defragsvc - ok

13:32:42.0660 3252 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

13:32:42.0660 3252 DfsC - ok

13:32:42.0691 3252 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

13:32:42.0738 3252 Dhcp - ok

13:32:42.0754 3252 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

13:32:42.0754 3252 discache - ok

13:32:42.0785 3252 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

13:32:42.0785 3252 Disk - ok

13:32:42.0816 3252 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

13:32:42.0816 3252 Dnscache - ok

13:32:42.0832 3252 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

13:32:42.0847 3252 dot3svc - ok

13:32:42.0879 3252 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

13:32:42.0879 3252 DPS - ok

13:32:42.0925 3252 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

13:32:42.0925 3252 drmkaud - ok

13:32:42.0957 3252 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:32:42.0972 3252 dtsoftbus01 - ok

13:32:43.0019 3252 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

13:32:43.0035 3252 DXGKrnl - ok

13:32:43.0050 3252 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

13:32:43.0050 3252 EapHost - ok

13:32:43.0128 3252 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

13:32:43.0159 3252 ebdrv - ok

13:32:43.0191 3252 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

13:32:43.0191 3252 EFS - ok

13:32:43.0253 3252 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

13:32:43.0269 3252 ehRecvr - ok

13:32:43.0284 3252 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

13:32:43.0284 3252 ehSched - ok

13:32:43.0331 3252 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

13:32:43.0347 3252 elxstor - ok

13:32:43.0362 3252 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

13:32:43.0362 3252 ErrDev - ok

13:32:43.0409 3252 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

13:32:43.0409 3252 EventSystem - ok

13:32:43.0508 3252 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

13:32:43.0520 3252 EvtEng - ok

13:32:43.0541 3252 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

13:32:43.0543 3252 exfat - ok

13:32:43.0578 3252 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

13:32:43.0583 3252 fastfat - ok

13:32:43.0641 3252 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

13:32:43.0656 3252 Fax - ok

13:32:43.0685 3252 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

13:32:43.0686 3252 fdc - ok

13:32:43.0704 3252 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

13:32:43.0706 3252 fdPHost - ok

13:32:43.0723 3252 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

13:32:43.0724 3252 FDResPub - ok

13:32:43.0735 3252 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

13:32:43.0736 3252 FileInfo - ok

13:32:43.0747 3252 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

13:32:43.0750 3252 Filetrace - ok

13:32:43.0764 3252 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

13:32:43.0780 3252 flpydisk - ok

13:32:43.0795 3252 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

13:32:43.0811 3252 FltMgr - ok

13:32:43.0858 3252 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

13:32:43.0889 3252 FontCache - ok

13:32:43.0920 3252 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:32:43.0920 3252 FontCache3.0.0.0 - ok

13:32:43.0936 3252 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

13:32:43.0951 3252 FsDepends - ok

13:32:43.0982 3252 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

13:32:43.0982 3252 Fs_Rec - ok

13:32:44.0014 3252 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

13:32:44.0014 3252 fvevol - ok

13:32:44.0060 3252 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

13:32:44.0060 3252 gagp30kx - ok

13:32:44.0107 3252 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

13:32:44.0123 3252 gpsvc - ok

13:32:44.0248 3252 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:32:44.0248 3252 gupdate - ok

13:32:44.0279 3252 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:32:44.0279 3252 gupdatem - ok

13:32:44.0310 3252 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

13:32:44.0310 3252 hcw85cir - ok

13:32:44.0357 3252 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

13:32:44.0357 3252 HdAudAddService - ok

13:32:44.0404 3252 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

13:32:44.0404 3252 HDAudBus - ok

13:32:44.0435 3252 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

13:32:44.0435 3252 HidBatt - ok

13:32:44.0450 3252 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

13:32:44.0450 3252 HidBth - ok

13:32:44.0466 3252 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

13:32:44.0482 3252 HidIr - ok

13:32:44.0512 3252 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

13:32:44.0515 3252 hidserv - ok

13:32:44.0542 3252 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

13:32:44.0544 3252 HidUsb - ok

13:32:44.0573 3252 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

13:32:44.0578 3252 hkmsvc - ok

13:32:44.0596 3252 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

13:32:44.0603 3252 HomeGroupListener - ok

13:32:44.0637 3252 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

13:32:44.0646 3252 HomeGroupProvider - ok

13:32:44.0690 3252 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

13:32:44.0692 3252 HpSAMD - ok

13:32:44.0724 3252 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

13:32:44.0741 3252 HTTP - ok

13:32:44.0759 3252 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

13:32:44.0760 3252 hwpolicy - ok

13:32:44.0797 3252 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

13:32:44.0813 3252 i8042prt - ok

13:32:44.0844 3252 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\drivers\iaStor.sys

13:32:44.0860 3252 iaStor - ok

13:32:44.0907 3252 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

13:32:44.0907 3252 IAStorDataMgrSvc - ok

13:32:44.0953 3252 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

13:32:44.0953 3252 iaStorV - ok

13:32:45.0031 3252 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:32:45.0047 3252 idsvc - ok

13:32:45.0250 3252 [ 0BD58366C86EF9DDC4F61AFED0CADA99 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

13:32:45.0437 3252 igfx - ok

13:32:45.0453 3252 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

13:32:45.0468 3252 iirsp - ok

13:32:45.0514 3252 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

13:32:45.0522 3252 IKEEXT - ok

13:32:45.0592 3252 [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

13:32:45.0610 3252 IntcAzAudAddService - ok

13:32:45.0653 3252 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

13:32:45.0660 3252 IntcDAud - ok

13:32:45.0686 3252 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

13:32:45.0688 3252 intelide - ok

13:32:45.0714 3252 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

13:32:45.0716 3252 intelppm - ok

13:32:45.0743 3252 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

13:32:45.0748 3252 IPBusEnum - ok

13:32:45.0769 3252 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:32:45.0769 3252 IpFilterDriver - ok

13:32:45.0816 3252 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

13:32:45.0847 3252 iphlpsvc - ok

13:32:45.0863 3252 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

13:32:45.0863 3252 IPMIDRV - ok

13:32:45.0879 3252 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

13:32:45.0879 3252 IPNAT - ok

13:32:45.0894 3252 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

13:32:45.0894 3252 IRENUM - ok

13:32:45.0925 3252 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

13:32:45.0925 3252 isapnp - ok

13:32:45.0957 3252 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

13:32:45.0988 3252 iScsiPrt - ok

13:32:46.0019 3252 [ DD931496F49CDDF4F0B440455423E162 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys

13:32:46.0019 3252 JMCR - ok

13:32:46.0050 3252 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

13:32:46.0050 3252 kbdclass - ok

13:32:46.0081 3252 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

13:32:46.0081 3252 kbdhid - ok

13:32:46.0113 3252 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

13:32:46.0113 3252 KeyIso - ok

13:32:46.0159 3252 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

13:32:46.0159 3252 KSecDD - ok

13:32:46.0206 3252 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

13:32:46.0206 3252 KSecPkg - ok

13:32:46.0237 3252 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

13:32:46.0237 3252 ksthunk - ok

13:32:46.0269 3252 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

13:32:46.0284 3252 KtmRm - ok

13:32:46.0315 3252 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

13:32:46.0315 3252 LanmanServer - ok

13:32:46.0362 3252 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

13:32:46.0362 3252 LanmanWorkstation - ok

13:32:46.0409 3252 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

13:32:46.0409 3252 lltdio - ok

13:32:46.0440 3252 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

13:32:46.0456 3252 lltdsvc - ok

13:32:46.0471 3252 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

13:32:46.0471 3252 lmhosts - ok

13:32:46.0530 3252 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

13:32:46.0534 3252 LSI_FC - ok

13:32:46.0548 3252 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

13:32:46.0552 3252 LSI_SAS - ok

13:32:46.0566 3252 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

13:32:46.0569 3252 LSI_SAS2 - ok

13:32:46.0579 3252 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

13:32:46.0582 3252 LSI_SCSI - ok

13:32:46.0607 3252 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

13:32:46.0608 3252 luafv - ok

13:32:46.0632 3252 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

13:32:46.0638 3252 Mcx2Svc - ok

13:32:46.0656 3252 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

13:32:46.0659 3252 megasas - ok

13:32:46.0681 3252 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

13:32:46.0686 3252 MegaSR - ok

13:32:46.0720 3252 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

13:32:46.0721 3252 MEIx64 - ok

13:32:46.0790 3252 Microsoft SharePoint Workspace Audit Service - ok

13:32:46.0821 3252 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

13:32:46.0837 3252 MMCSS - ok

13:32:46.0853 3252 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

13:32:46.0868 3252 Modem - ok

13:32:46.0884 3252 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

13:32:46.0884 3252 monitor - ok

13:32:46.0915 3252 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

13:32:46.0915 3252 mouclass - ok

13:32:46.0946 3252 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys

13:32:46.0946 3252 mouhid - ok

13:32:46.0993 3252 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

13:32:46.0993 3252 mountmgr - ok

13:32:47.0055 3252 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:32:47.0055 3252 MozillaMaintenance - ok

13:32:47.0133 3252 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

13:32:47.0133 3252 MpFilter - ok

13:32:47.0149 3252 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

13:32:47.0165 3252 mpio - ok

13:32:47.0180 3252 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

13:32:47.0180 3252 mpsdrv - ok

13:32:47.0227 3252 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

13:32:47.0243 3252 MpsSvc - ok

13:32:47.0258 3252 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

13:32:47.0258 3252 MRxDAV - ok

13:32:47.0274 3252 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

13:32:47.0289 3252 mrxsmb - ok

13:32:47.0305 3252 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:32:47.0321 3252 mrxsmb10 - ok

13:32:47.0336 3252 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:32:47.0336 3252 mrxsmb20 - ok

13:32:47.0352 3252 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

13:32:47.0352 3252 msahci - ok

13:32:47.0383 3252 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

13:32:47.0383 3252 msdsm - ok

13:32:47.0399 3252 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

13:32:47.0414 3252 MSDTC - ok

13:32:47.0430 3252 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

13:32:47.0430 3252 Msfs - ok

13:32:47.0445 3252 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

13:32:47.0445 3252 mshidkmdf - ok

13:32:47.0445 3252 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

13:32:47.0445 3252 msisadrv - ok

13:32:47.0492 3252 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

13:32:47.0492 3252 MSiSCSI - ok

13:32:47.0492 3252 msiserver - ok

13:32:47.0537 3252 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

13:32:47.0540 3252 MSKSSRV - ok

13:32:47.0607 3252 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

13:32:47.0609 3252 MsMpSvc - ok

13:32:47.0627 3252 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

13:32:47.0629 3252 MSPCLOCK - ok

13:32:47.0644 3252 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

13:32:47.0645 3252 MSPQM - ok

13:32:47.0665 3252 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

13:32:47.0668 3252 MsRPC - ok

13:32:47.0675 3252 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

13:32:47.0676 3252 mssmbios - ok

13:32:47.0689 3252 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

13:32:47.0690 3252 MSTEE - ok

13:32:47.0699 3252 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

13:32:47.0700 3252 MTConfig - ok

13:32:47.0715 3252 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

13:32:47.0716 3252 Mup - ok

13:32:47.0756 3252 [ 265937BC59819DF1DAB65E27C60F94C0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

13:32:47.0764 3252 MyWiFiDHCPDNS - ok

13:32:47.0792 3252 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

13:32:47.0792 3252 napagent - ok

13:32:47.0855 3252 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

13:32:47.0855 3252 NativeWifiP - ok

13:32:47.0933 3252 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

13:32:47.0948 3252 NDIS - ok

13:32:47.0964 3252 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

13:32:47.0964 3252 NdisCap - ok

13:32:47.0995 3252 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

13:32:47.0995 3252 NdisTapi - ok

13:32:48.0011 3252 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

13:32:48.0011 3252 Ndisuio - ok

13:32:48.0042 3252 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

13:32:48.0042 3252 NdisWan - ok

13:32:48.0058 3252 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

13:32:48.0058 3252 NDProxy - ok

13:32:48.0089 3252 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

13:32:48.0089 3252 NetBIOS - ok

13:32:48.0104 3252 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

13:32:48.0104 3252 NetBT - ok

13:32:48.0136 3252 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

13:32:48.0136 3252 Netlogon - ok

13:32:48.0198 3252 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

13:32:48.0214 3252 Netman - ok

13:32:48.0229 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:32:48.0276 3252 NetMsmqActivator - ok

13:32:48.0276 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:32:48.0276 3252 NetPipeActivator - ok

13:32:48.0307 3252 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

13:32:48.0323 3252 netprofm - ok

13:32:48.0323 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:32:48.0323 3252 NetTcpActivator - ok

13:32:48.0323 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:32:48.0323 3252 NetTcpPortSharing - ok

13:32:48.0494 3252 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

13:32:48.0596 3252 NETwNs64 - ok

13:32:48.0632 3252 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

13:32:48.0634 3252 nfrd960 - ok

13:32:48.0695 3252 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

13:32:48.0698 3252 NisDrv - ok

13:32:48.0717 3252 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

13:32:48.0726 3252 NisSrv - ok

13:32:48.0763 3252 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

13:32:48.0795 3252 NlaSvc - ok

13:32:48.0810 3252 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

13:32:48.0810 3252 Npfs - ok

13:32:48.0841 3252 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

13:32:48.0841 3252 nsi - ok

13:32:48.0841 3252 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

13:32:48.0841 3252 nsiproxy - ok

13:32:48.0919 3252 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

13:32:48.0951 3252 Ntfs - ok

13:32:48.0951 3252 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

13:32:48.0966 3252 Null - ok

13:32:48.0997 3252 [ D584ABB6A308933A5F72B46C9E5A783F ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

13:32:49.0029 3252 nusb3hub - ok

13:32:49.0044 3252 [ 345B9C04E2036DA4346E3249A5BDFD06 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

13:32:49.0044 3252 nusb3xhc - ok

13:32:49.0091 3252 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

13:32:49.0107 3252 NVHDA - ok

13:32:49.0138 3252 [ 566F0CFD371304F17000B67DD585E34A ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys

13:32:49.0153 3252 nvkflt - ok

13:32:49.0387 3252 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:32:49.0434 3252 nvlddmkm - ok

13:32:49.0465 3252 [ 1891184D09E8C16042E57D5373E4268E ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys

13:32:49.0465 3252 nvpciflt - ok

13:32:49.0497 3252 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

13:32:49.0497 3252 nvraid - ok

13:32:49.0543 3252 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

13:32:49.0548 3252 nvstor - ok

13:32:49.0622 3252 [ 43F91595049DE14C4B61D1E76436164F ] NVSvc C:\Windows\system32\nvvsvc.exe

13:32:49.0641 3252 NVSvc - ok

13:32:49.0727 3252 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

13:32:49.0748 3252 nvUpdatusService - ok

13:32:49.0779 3252 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

13:32:49.0784 3252 nv_agp - ok

13:32:49.0816 3252 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

13:32:49.0816 3252 ohci1394 - ok

13:32:49.0894 3252 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:32:49.0910 3252 ose - ok

13:32:50.0050 3252 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:32:50.0097 3252 osppsvc - ok

13:32:50.0128 3252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

13:32:50.0128 3252 p2pimsvc - ok

13:32:50.0160 3252 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

13:32:50.0175 3252 p2psvc - ok

13:32:50.0206 3252 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

13:32:50.0206 3252 Parport - ok

13:32:50.0253 3252 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

13:32:50.0253 3252 partmgr - ok

13:32:50.0269 3252 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

13:32:50.0284 3252 PcaSvc - ok

13:32:50.0316 3252 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

13:32:50.0316 3252 pci - ok

13:32:50.0347 3252 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

13:32:50.0362 3252 pciide - ok

13:32:50.0378 3252 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

13:32:50.0394 3252 pcmcia - ok

13:32:50.0409 3252 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

13:32:50.0425 3252 pcw - ok

13:32:50.0440 3252 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

13:32:50.0456 3252 PEAUTH - ok

13:32:50.0546 3252 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

13:32:50.0550 3252 PerfHost - ok

13:32:50.0609 3252 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

13:32:50.0635 3252 pla - ok

13:32:50.0666 3252 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

13:32:50.0671 3252 PlugPlay - ok

13:32:50.0686 3252 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

13:32:50.0690 3252 PNRPAutoReg - ok

13:32:50.0708 3252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

13:32:50.0713 3252 PNRPsvc - ok

13:32:50.0753 3252 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

13:32:50.0761 3252 PolicyAgent - ok

13:32:50.0803 3252 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll

13:32:50.0804 3252 Power - ok

13:32:50.0835 3252 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

13:32:50.0851 3252 PptpMiniport - ok

13:32:50.0866 3252 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

13:32:50.0866 3252 Processor - ok

13:32:50.0913 3252 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

13:32:50.0913 3252 ProfSvc - ok

13:32:50.0929 3252 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

13:32:50.0929 3252 ProtectedStorage - ok

13:32:50.0944 3252 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

13:32:50.0960 3252 Psched - ok

13:32:50.0991 3252 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys

13:32:50.0991 3252 qicflt - ok

13:32:51.0069 3252 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

13:32:51.0116 3252 ql2300 - ok

13:32:51.0132 3252 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

13:32:51.0132 3252 ql40xx - ok

13:32:51.0163 3252 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

13:32:51.0178 3252 QWAVE - ok

13:32:51.0194 3252 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

13:32:51.0194 3252 QWAVEdrv - ok

13:32:51.0210 3252 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

13:32:51.0225 3252 RasAcd - ok

13:32:51.0256 3252 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

13:32:51.0256 3252 RasAgileVpn - ok

13:32:51.0272 3252 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

13:32:51.0288 3252 RasAuto - ok

13:32:51.0303 3252 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

13:32:51.0303 3252 Rasl2tp - ok

13:32:51.0319 3252 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

13:32:51.0334 3252 RasMan - ok

13:32:51.0350 3252 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

13:32:51.0366 3252 RasPppoe - ok

13:32:51.0381 3252 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

13:32:51.0381 3252 RasSstp - ok

13:32:51.0412 3252 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

13:32:51.0412 3252 rdbss - ok

13:32:51.0428 3252 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

13:32:51.0428 3252 rdpbus - ok

13:32:51.0459 3252 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

13:32:51.0459 3252 RDPCDD - ok

13:32:51.0490 3252 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

13:32:51.0490 3252 RDPENCDD - ok

13:32:51.0522 3252 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

13:32:51.0522 3252 RDPREFMP - ok

13:32:51.0562 3252 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

13:32:51.0565 3252 RDPWD - ok

13:32:51.0591 3252 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

13:32:51.0594 3252 rdyboost - ok

13:32:51.0675 3252 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

13:32:51.0693 3252 RegSrvc - ok

13:32:51.0721 3252 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

13:32:51.0724 3252 RemoteAccess - ok

13:32:51.0756 3252 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

13:32:51.0763 3252 RemoteRegistry - ok

13:32:51.0780 3252 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

13:32:51.0785 3252 RpcEptMapper - ok

13:32:51.0805 3252 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

13:32:51.0805 3252 RpcLocator - ok

13:32:51.0821 3252 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

13:32:51.0836 3252 RpcSs - ok

13:32:51.0868 3252 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

13:32:51.0868 3252 rspndr - ok

13:32:51.0914 3252 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

13:32:51.0930 3252 RTL8167 - ok

13:32:51.0946 3252 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

13:32:51.0946 3252 SamSs - ok

13:32:52.0024 3252 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

13:32:52.0024 3252 SASDIFSV - ok

13:32:52.0039 3252 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

13:32:52.0039 3252 SASKUTIL - ok

13:32:52.0070 3252 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

13:32:52.0070 3252 sbp2port - ok

13:32:52.0086 3252 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

13:32:52.0102 3252 SCardSvr - ok

13:32:52.0117 3252 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

13:32:52.0133 3252 scfilter - ok

13:32:52.0180 3252 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

13:32:52.0211 3252 Schedule - ok

13:32:52.0226 3252 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

13:32:52.0226 3252 SCPolicySvc - ok

13:32:52.0242 3252 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

13:32:52.0258 3252 sdbus - ok

13:32:52.0273 3252 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

13:32:52.0273 3252 SDRSVC - ok

13:32:52.0304 3252 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

13:32:52.0304 3252 secdrv - ok

13:32:52.0336 3252 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

13:32:52.0336 3252 seclogon - ok

13:32:52.0351 3252 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

13:32:52.0351 3252 SENS - ok

13:32:52.0382 3252 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

13:32:52.0382 3252 SensrSvc - ok

13:32:52.0429 3252 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

13:32:52.0429 3252 Serenum - ok

13:32:52.0476 3252 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

13:32:52.0476 3252 Serial - ok

13:32:52.0523 3252 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

13:32:52.0523 3252 sermouse - ok

13:32:52.0558 3252 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

13:32:52.0560 3252 SessionEnv - ok

13:32:52.0570 3252 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

13:32:52.0571 3252 sffdisk - ok

13:32:52.0587 3252 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

13:32:52.0588 3252 sffp_mmc - ok

13:32:52.0605 3252 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

13:32:52.0607 3252 sffp_sd - ok

13:32:52.0621 3252 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

13:32:52.0624 3252 sfloppy - ok

13:32:52.0663 3252 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

13:32:52.0672 3252 SharedAccess - ok

13:32:52.0699 3252 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

13:32:52.0703 3252 ShellHWDetection - ok

13:32:52.0744 3252 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

13:32:52.0747 3252 SiSRaid2 - ok

13:32:52.0771 3252 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

13:32:52.0773 3252 SiSRaid4 - ok

13:32:52.0811 3252 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

13:32:52.0827 3252 SkypeUpdate - ok

13:32:52.0858 3252 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

13:32:52.0858 3252 Smb - ok

13:32:52.0905 3252 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

13:32:52.0921 3252 SNMPTRAP - ok

13:32:52.0936 3252 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

13:32:52.0936 3252 spldr - ok

13:32:52.0999 3252 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

13:32:52.0999 3252 Spooler - ok

13:32:53.0108 3252 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

13:32:53.0123 3252 sppsvc - ok

13:32:53.0139 3252 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

13:32:53.0155 3252 sppuinotify - ok

13:32:53.0170 3252 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

13:32:53.0186 3252 srv - ok

13:32:53.0201 3252 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

13:32:53.0217 3252 srv2 - ok

13:32:53.0233 3252 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

13:32:53.0233 3252 srvnet - ok

13:32:53.0264 3252 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

13:32:53.0279 3252 SSDPSRV - ok

13:32:53.0279 3252 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

13:32:53.0295 3252 SstpSvc - ok

13:32:53.0389 3252 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

13:32:53.0404 3252 Stereo Service - ok

13:32:53.0435 3252 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

13:32:53.0435 3252 stexstor - ok

13:32:53.0482 3252 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

13:32:53.0498 3252 stisvc - ok

13:32:53.0513 3252 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

13:32:53.0513 3252 swenum - ok

13:32:53.0561 3252 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

13:32:53.0575 3252 swprv - ok

13:32:53.0641 3252 [ 5E3B232A614339399ACC71FA3AAAAA6B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

13:32:53.0650 3252 SynTP - ok

13:32:53.0828 3252 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

13:32:53.0844 3252 SysMain - ok

13:32:53.0859 3252 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

13:32:53.0859 3252 TabletInputService - ok

13:32:53.0875 3252 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

13:32:53.0891 3252 TapiSrv - ok

13:32:53.0906 3252 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

13:32:53.0906 3252 TBS - ok

13:32:54.0156 3252 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

13:32:54.0249 3252 Tcpip - ok

13:32:54.0312 3252 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

13:32:54.0312 3252 TCPIP6 - ok

13:32:54.0359 3252 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

13:32:54.0359 3252 tcpipreg - ok

13:32:54.0390 3252 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

13:32:54.0390 3252 TDPIPE - ok

13:32:54.0437 3252 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

13:32:54.0437 3252 TDTCP - ok

13:32:54.0452 3252 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

13:32:54.0468 3252 tdx - ok

13:32:54.0483 3252 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

13:32:54.0483 3252 TermDD - ok

13:32:54.0606 3252 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

13:32:54.0623 3252 TermService - ok

13:32:54.0646 3252 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

13:32:54.0648 3252 Themes - ok

13:32:54.0670 3252 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

13:32:54.0673 3252 THREADORDER - ok

13:32:54.0694 3252 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

13:32:54.0699 3252 TrkWks - ok

13:32:54.0751 3252 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:32:54.0755 3252 TrustedInstaller - ok

13:32:54.0783 3252 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

13:32:54.0786 3252 tssecsrv - ok

13:32:54.0808 3252 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

13:32:54.0810 3252 TsUsbFlt - ok

13:32:54.0816 3252 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

13:32:54.0816 3252 TsUsbGD - ok

13:32:54.0847 3252 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

13:32:54.0847 3252 tunnel - ok

13:32:54.0878 3252 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys

13:32:54.0910 3252 TurboB - ok

13:32:54.0941 3252 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe

13:32:54.0972 3252 TurboBoost - ok

13:32:54.0988 3252 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

13:32:54.0988 3252 uagp35 - ok

13:32:55.0003 3252 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

13:32:55.0019 3252 udfs - ok

13:32:55.0050 3252 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

13:32:55.0066 3252 UI0Detect - ok

13:32:55.0097 3252 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

13:32:55.0097 3252 uliagpkx - ok

13:32:55.0128 3252 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

13:32:55.0128 3252 umbus - ok

13:32:55.0159 3252 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

13:32:55.0159 3252 UmPass - ok

13:32:55.0190 3252 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

13:32:55.0190 3252 upnphost - ok

13:32:55.0222 3252 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

13:32:55.0253 3252 usbccgp - ok

13:32:55.0268 3252 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

13:32:55.0268 3252 usbcir - ok

13:32:55.0284 3252 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

13:32:55.0284 3252 usbehci - ok

13:32:55.0331 3252 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

13:32:55.0362 3252 usbhub - ok

13:32:55.0378 3252 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

13:32:55.0378 3252 usbohci - ok

13:32:55.0409 3252 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

13:32:55.0409 3252 usbprint - ok

13:32:55.0440 3252 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

13:32:55.0456 3252 usbscan - ok

13:32:55.0471 3252 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:32:55.0487 3252 USBSTOR - ok

13:32:55.0518 3252 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

13:32:55.0518 3252 usbuhci - ok

13:32:55.0558 3252 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

13:32:55.0563 3252 usbvideo - ok

13:32:55.0591 3252 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

13:32:55.0594 3252 UxSms - ok

13:32:55.0607 3252 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

13:32:55.0610 3252 VaultSvc - ok

13:32:55.0643 3252 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

13:32:55.0644 3252 vdrvroot - ok

13:32:55.0670 3252 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

13:32:55.0683 3252 vds - ok

13:32:55.0699 3252 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

13:32:55.0700 3252 vga - ok

13:32:55.0719 3252 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

13:32:55.0721 3252 VgaSave - ok

13:32:55.0745 3252 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

13:32:55.0751 3252 vhdmp - ok

13:32:55.0786 3252 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

13:32:55.0787 3252 viaide - ok

13:32:55.0811 3252 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

13:32:55.0813 3252 volmgr - ok

13:32:55.0821 3252 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

13:32:55.0837 3252 volmgrx - ok

13:32:55.0852 3252 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

13:32:55.0852 3252 volsnap - ok

13:32:55.0884 3252 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

13:32:55.0884 3252 vsmraid - ok

13:32:56.0008 3252 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

13:32:56.0024 3252 VSS - ok

13:32:56.0040 3252 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

13:32:56.0040 3252 vwifibus - ok

13:32:56.0055 3252 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

13:32:56.0055 3252 vwififlt - ok

13:32:56.0071 3252 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

13:32:56.0071 3252 vwifimp - ok

13:32:56.0102 3252 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

13:32:56.0118 3252 W32Time - ok

13:32:56.0133 3252 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

13:32:56.0133 3252 WacomPen - ok

13:32:56.0180 3252 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

13:32:56.0180 3252 WANARP - ok

13:32:56.0180 3252 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

13:32:56.0180 3252 Wanarpv6 - ok

13:32:56.0258 3252 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

13:32:56.0274 3252 WatAdminSvc - ok

13:32:56.0352 3252 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

13:32:56.0383 3252 wbengine - ok

13:32:56.0398 3252 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

13:32:56.0398 3252 WbioSrvc - ok

13:32:56.0414 3252 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

13:32:56.0430 3252 wcncsvc - ok

13:32:56.0445 3252 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

13:32:56.0445 3252 WcsPlugInService - ok

13:32:56.0461 3252 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

13:32:56.0461 3252 Wd - ok

13:32:56.0523 3252 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

13:32:56.0539 3252 Wdf01000 - ok

13:32:56.0583 3252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

13:32:56.0585 3252 WdiServiceHost - ok

13:32:56.0594 3252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

13:32:56.0599 3252 WdiSystemHost - ok

13:32:56.0637 3252 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys

13:32:56.0637 3252 wdkmd - ok

13:32:56.0666 3252 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

13:32:56.0676 3252 WebClient - ok

13:32:56.0695 3252 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

13:32:56.0704 3252 Wecsvc - ok

13:32:56.0711 3252 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

13:32:56.0714 3252 wercplsupport - ok

13:32:56.0734 3252 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

13:32:56.0737 3252 WerSvc - ok

13:32:56.0775 3252 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

13:32:56.0777 3252 WfpLwf - ok

13:32:56.0791 3252 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

13:32:56.0794 3252 WIMMount - ok

13:32:56.0806 3252 WinDefend - ok

13:32:56.0809 3252 WinHttpAutoProxySvc - ok

13:32:56.0869 3252 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

13:32:56.0869 3252 Winmgmt - ok

13:32:56.0947 3252 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

13:32:56.0978 3252 WinRM - ok

13:32:57.0025 3252 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

13:32:57.0025 3252 WinUsb - ok

13:32:57.0072 3252 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

13:32:57.0103 3252 Wlansvc - ok

13:32:57.0119 3252 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

13:32:57.0119 3252 WmiAcpi - ok

13:32:57.0166 3252 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

13:32:57.0166 3252 wmiApSrv - ok

13:32:57.0212 3252 WMPNetworkSvc - ok

13:32:57.0228 3252 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

13:32:57.0244 3252 WPCSvc - ok

13:32:57.0259 3252 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

13:32:57.0259 3252 WPDBusEnum - ok

13:32:57.0275 3252 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

13:32:57.0290 3252 ws2ifsl - ok

13:32:57.0322 3252 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

13:32:57.0322 3252 wscsvc - ok

13:32:57.0337 3252 WSearch - ok

13:32:57.0509 3252 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

13:32:57.0540 3252 wuauserv - ok

13:32:57.0577 3252 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

13:32:57.0606 3252 WudfPf - ok

13:32:57.0634 3252 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

13:32:57.0668 3252 WUDFRd - ok

13:32:57.0699 3252 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

13:32:57.0732 3252 wudfsvc - ok

13:32:57.0748 3252 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

13:32:57.0751 3252 WwanSvc - ok

13:32:57.0804 3252 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

13:32:57.0807 3252 xusb21 - ok

13:32:57.0844 3252 ================ Scan global ===============================

13:32:57.0860 3252 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

13:32:57.0922 3252 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

13:32:57.0938 3252 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

13:32:57.0953 3252 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

13:32:57.0985 3252 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

13:32:58.0000 3252 [Global] - ok

13:32:58.0000 3252 ================ Scan MBR ==================================

13:32:58.0016 3252 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

13:32:58.0016 3252 \Device\Harddisk1\DR1 - ok

13:32:58.0031 3252 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

13:32:58.0328 3252 \Device\Harddisk0\DR0 - ok

13:32:58.0343 3252 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

13:32:58.0343 3252 \Device\Harddisk1\DR1 - ok

13:32:58.0343 3252 ================ Scan VBR ==================================

13:32:58.0359 3252 [ 9AC1093A8D520238D267BE8797D16ADC ] \Device\Harddisk1\DR1\Partition1

13:32:58.0359 3252 \Device\Harddisk1\DR1\Partition1 - ok

13:32:58.0375 3252 [ 0CD6F0AE8B417F4949BBC2D2246A8443 ] \Device\Harddisk0\DR0\Partition1

13:32:58.0375 3252 \Device\Harddisk0\DR0\Partition1 - ok

13:32:58.0624 3252 [ EABD9F8DA3AA8C181F37BBA0939401F6 ] \Device\Harddisk0\DR0\Partition2

13:32:58.0624 3252 \Device\Harddisk0\DR0\Partition2 - ok

13:32:58.0624 3252 [ 9AC1093A8D520238D267BE8797D16ADC ] \Device\Harddisk1\DR1\Partition1

13:32:58.0624 3252 \Device\Harddisk1\DR1\Partition1 - ok

13:32:58.0624 3252 ============================================================

13:32:58.0624 3252 Scan finished

13:32:58.0624 3252 ============================================================

13:32:58.0655 3260 Detected object count: 0

13:32:58.0655 3260 Actual detected object count: 0

aswMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-14 13:34:44

-----------------------------

13:34:44.600 OS Version: Windows x64 6.1.7601 Service Pack 1

13:34:44.600 Number of processors: 8 586 0x2A07

13:34:44.600 ComputerName: COLIN-PC UserName: Colin

13:34:45.349 Initialize success

13:36:35.808 AVAST engine defs: 12111400

13:36:45.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

13:36:45.179 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3

13:36:45.195 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JMCR1Port1Path0Target0Lun0

13:36:45.195 Disk 1 Vendor: JMCR____ Size: 3830MB BusType: 0

13:36:45.226 Disk 0 MBR read successfully

13:36:45.226 Disk 0 MBR scan

13:36:45.242 Disk 0 Windows VISTA default MBR code

13:36:45.257 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63

13:36:45.273 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13568 MB offset 81920

13:36:45.304 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463328 MB offset 27869184

13:36:45.398 Disk 0 scanning C:\Windows\system32\drivers

13:37:06.460 Service scanning

13:37:41.450 Modules scanning

13:37:41.466 Disk 0 trace - called modules:

13:37:41.481 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

13:37:41.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009663790]

13:37:41.513 3 CLASSPNP.SYS[fffff88001b8f43f] -> nt!IofCallDriver -> [0xfffffa8006d19ca0]

13:37:41.528 5 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80079cd050]

13:37:42.547 AVAST engine scan C:\Windows

13:37:50.557 AVAST engine scan C:\Windows\system32

13:41:30.342 AVAST engine scan C:\Windows\system32\drivers

13:41:46.381 AVAST engine scan C:\Users\Colin

14:11:29.739 File: C:\Users\Colin\Downloads\DownloadManager_Setup(1).exe **INFECTED** Win32:Adware-gen [Adw]

14:11:29.988 File: C:\Users\Colin\Downloads\DownloadManager_Setup.exe **INFECTED** Win32:Adware-gen [Adw]

14:14:31.394 AVAST engine scan C:\ProgramData

14:15:16.044 Scan finished successfully

14:15:42.228 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Documents\MBR.dat"

14:15:42.243 The log file has been saved successfully to "C:\Users\Colin\Documents\aswMBR.txt"

14:33:48.501 Verifying

14:33:58.579 Disk 0 Windows 601 MBR fixed successfully

14:35:20.781 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Documents\MBR.dat"

14:35:20.781 The log file has been saved successfully to "C:\Users\Colin\Documents\aswMBR2.txt"

Link to post
Share on other sites

Here is the latest combofix Log after running w/ CFScript.

ComboFix 12-11-14.01 - Colin 11/14/2012 14:53:08.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6331 [GMT -6:00]

Running from: c:\users\Colin\Desktop\ComboFix.exe

Command switches used :: c:\users\Colin\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))

.

.

2012-11-14 20:56 . 2012-11-14 20:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-14 20:56 . 2012-11-14 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-14 19:41 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C69010D-53D4-4E30-B67C-5ACD60DFF118}\mpengine.dll

2012-11-14 19:31 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-14 19:27 . 2012-11-14 19:27 -------- d-----w- C:\FRST

2012-11-14 19:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 19:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 19:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 19:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 18:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 18:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 18:59 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 18:59 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 18:59 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 18:59 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 18:59 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-12 14:07 . 2012-11-12 14:07 -------- d-----w- c:\users\Colin\Savages UNRATED (2012)

2012-11-11 13:09 . 2012-11-11 15:33 -------- d-----w- c:\users\Colin\Workingmans.Death.2005.PAL.DVDR

2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\Colin\Putty Hill 2010.DVDRip.XviD-playXD

2012-11-05 18:33 . 2012-11-05 18:33 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-10-29 23:57 . 2012-10-29 23:57 -------- d-----w- c:\users\Colin\The Interrupters 2011 720p BRRip x264 AC3-26K

2012-10-20 19:48 . 2012-09-25 22:26 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03A34273-37BF-4FB0-BCC5-340C9983291A}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-14 19:00 . 2012-02-26 00:13 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 18:06 . 2012-10-08 15:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 18:06 . 2012-02-23 22:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-30 17:02 . 2012-09-30 17:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-30 17:02 . 2012-09-30 17:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-30 17:02 . 2012-02-23 23:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-25 22:26 . 2012-06-12 16:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-14 19:19 . 2012-10-10 14:48 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 14:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 14:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 19:14 . 2012-10-01 15:33 9066344 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-30 19:14 . 2012-10-01 15:33 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-08-30 19:14 . 2012-10-01 15:33 7397736 ----a-w- c:\windows\system32\nvopencl.dll

2012-08-30 19:14 . 2012-10-01 15:33 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-08-30 19:14 . 2012-10-01 15:33 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2012-08-30 19:14 . 2012-10-01 15:33 284008 ----a-w- c:\windows\system32\drivers\nvkflt.sys

2012-08-30 19:14 . 2012-10-01 15:33 2745192 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-30 19:14 . 2012-10-01 15:33 26228072 ----a-w- c:\windows\system32\nvoglv64.dll

2012-08-30 19:14 . 2012-10-01 15:33 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-08-30 19:14 . 2012-10-01 15:33 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-30 19:14 . 2012-10-01 15:33 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-30 19:14 . 2012-10-01 15:33 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-08-30 19:14 . 2012-10-01 15:33 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-08-30 19:14 . 2012-10-01 15:33 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-08-30 19:14 . 2012-10-01 15:33 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-08-30 19:14 . 2012-10-01 15:33 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-08-30 19:14 . 2012-10-01 15:33 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-08-30 19:14 . 2012-10-01 15:33 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-08-30 19:14 . 2012-10-01 15:33 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-30 19:14 . 2012-10-01 15:33 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-08-30 19:14 . 2012-02-22 16:10 971624 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-08-30 19:14 . 2012-02-22 16:10 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-08-30 19:14 . 2012-02-22 16:10 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-08-30 19:14 . 2012-02-22 16:10 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-08-30 19:14 . 2012-02-22 16:10 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-08-30 19:14 . 2012-02-22 16:10 2725224 ----a-w- c:\windows\system32\nvapi64.dll

2012-08-30 19:14 . 2012-02-22 16:10 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-08-30 18:03 . 2012-10-10 14:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 14:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 14:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 16:18 . 2011-10-17 09:19 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-08-30 16:18 . 2011-10-17 06:19 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-30 16:18 . 2011-10-17 06:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-30 16:18 . 2011-10-17 06:19 865640 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-08-30 16:18 . 2011-10-17 06:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-08-30 16:18 . 2011-10-17 09:19 3487434 ----a-w- c:\windows\system32\nvcoproc.bin

2012-08-30 16:18 . 2011-10-17 06:19 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-08-30 16:18 . 2011-10-17 06:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll

2012-08-30 16:17 . 2011-10-17 06:19 6198120 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-08-24 18:05 . 2012-10-10 14:48 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 14:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-12 18:57 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 18:57 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 18:57 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 22:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 18:48 . 2012-10-10 14:48 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 14:48 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 14:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 14:48 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 14:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 14:48 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 14:48 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 14:48 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 14:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 14:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 14:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 14:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 14:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-18 963984]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]

"D3DOverrider"="c:\d3doverrider\D3DOverriderWrapper.exe" [2009-08-23 40960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

.

c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-24 283200]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 18:06]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001Core.job

- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001UA.job

- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.dell.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-14 14:58:11

ComboFix-quarantined-files.txt 2012-11-14 20:58

ComboFix2.txt 2012-11-14 19:29

ComboFix3.txt 2011-10-03 20:22

.

Pre-Run: 30,631,583,744 bytes free

Post-Run: 30,472,450,048 bytes free

.

- - End Of File - - B71A8C4259C9B9F90800E7BC043F6EAA

Link to post
Share on other sites

  • Staff

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box


C:\Qoobox\Add-Remove Programs.txt

  • click ok

copy and paste the report into this topic for me to review

Gringo

Link to post
Share on other sites

This is the report I got after following directions:

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI

Cerenade Filler

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

FIFA 12 © EA version 1

FIFA 13

Football Manager 2012

Google Chrome

Google Earth

Google Talk Plugin

Google Update Helper

Intel PROSet Wireless

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Wireless Display

Java 7 Update 7

Java Auto Updater

JMicron Flash Media Controller Driver

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Origin

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Rhapsody

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.10

SopCast 3.4.8

StreamTorrent 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

VLC media player 2.0.2

Yahoo! Messenger

Link to post
Share on other sites

I ran combofix again:

ComboFix 12-11-14.01 - Colin 11/14/2012 20:25:58.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6017 [GMT -6:00]

Running from: c:\users\Colin\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))

.

.

2012-11-15 02:29 . 2012-11-15 02:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-15 02:29 . 2012-11-15 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-14 21:18 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A710F53E-E49A-4D09-B6D2-0E0E901B39B3}\mpengine.dll

2012-11-14 19:31 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-14 19:27 . 2012-11-14 19:27 -------- d-----w- C:\FRST

2012-11-14 19:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 19:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 19:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 19:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 18:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 18:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 18:59 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 18:59 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 18:59 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 18:59 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 18:59 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-12 14:07 . 2012-11-12 14:07 -------- d-----w- c:\users\Colin\Savages UNRATED (2012)

2012-11-11 13:09 . 2012-11-11 15:33 -------- d-----w- c:\users\Colin\Workingmans.Death.2005.PAL.DVDR

2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\Colin\Putty Hill 2010.DVDRip.XviD-playXD

2012-11-05 18:33 . 2012-11-05 18:33 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-10-29 23:57 . 2012-10-29 23:57 -------- d-----w- c:\users\Colin\The Interrupters 2011 720p BRRip x264 AC3-26K

2012-10-20 19:48 . 2012-09-25 22:26 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03A34273-37BF-4FB0-BCC5-340C9983291A}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-14 19:00 . 2012-02-26 00:13 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 18:06 . 2012-10-08 15:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 18:06 . 2012-02-23 22:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-30 17:02 . 2012-09-30 17:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-30 17:02 . 2012-09-30 17:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-30 17:02 . 2012-02-23 23:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-25 22:26 . 2012-06-12 16:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-14 19:19 . 2012-10-10 14:48 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 14:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 14:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 19:14 . 2012-10-01 15:33 9066344 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-30 19:14 . 2012-10-01 15:33 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-08-30 19:14 . 2012-10-01 15:33 7397736 ----a-w- c:\windows\system32\nvopencl.dll

2012-08-30 19:14 . 2012-10-01 15:33 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-08-30 19:14 . 2012-10-01 15:33 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2012-08-30 19:14 . 2012-10-01 15:33 284008 ----a-w- c:\windows\system32\drivers\nvkflt.sys

2012-08-30 19:14 . 2012-10-01 15:33 2745192 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-30 19:14 . 2012-10-01 15:33 26228072 ----a-w- c:\windows\system32\nvoglv64.dll

2012-08-30 19:14 . 2012-10-01 15:33 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-08-30 19:14 . 2012-10-01 15:33 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-30 19:14 . 2012-10-01 15:33 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-30 19:14 . 2012-10-01 15:33 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-08-30 19:14 . 2012-10-01 15:33 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-08-30 19:14 . 2012-10-01 15:33 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-08-30 19:14 . 2012-10-01 15:33 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-08-30 19:14 . 2012-10-01 15:33 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-08-30 19:14 . 2012-10-01 15:33 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-08-30 19:14 . 2012-10-01 15:33 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-08-30 19:14 . 2012-10-01 15:33 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-30 19:14 . 2012-10-01 15:33 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-08-30 19:14 . 2012-02-22 16:10 971624 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-08-30 19:14 . 2012-02-22 16:10 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-08-30 19:14 . 2012-02-22 16:10 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-08-30 19:14 . 2012-02-22 16:10 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-08-30 19:14 . 2012-02-22 16:10 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-08-30 19:14 . 2012-02-22 16:10 2725224 ----a-w- c:\windows\system32\nvapi64.dll

2012-08-30 19:14 . 2012-02-22 16:10 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-08-30 18:03 . 2012-10-10 14:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 14:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 14:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 16:18 . 2011-10-17 09:19 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-08-30 16:18 . 2011-10-17 06:19 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-30 16:18 . 2011-10-17 06:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-30 16:18 . 2011-10-17 06:19 865640 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-08-30 16:18 . 2011-10-17 06:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-08-30 16:18 . 2011-10-17 09:19 3487434 ----a-w- c:\windows\system32\nvcoproc.bin

2012-08-30 16:18 . 2011-10-17 06:19 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-08-30 16:18 . 2011-10-17 06:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll

2012-08-30 16:17 . 2011-10-17 06:19 6198120 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-08-24 18:05 . 2012-10-10 14:48 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 14:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-12 18:57 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 18:57 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 18:57 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 22:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 18:48 . 2012-10-10 14:48 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 14:48 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 14:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 14:48 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 14:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 14:48 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 14:48 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 14:48 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 14:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 14:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 14:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 14:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 14:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 14:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 14:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-18 963984]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]

"D3DOverrider"="c:\d3doverrider\D3DOverriderWrapper.exe" [2009-08-23 40960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

.

c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-24 283200]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 18:06]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 03:36]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001Core.job

- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001UA.job

- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 03:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.dell.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-14 20:31:09

ComboFix-quarantined-files.txt 2012-11-15 02:31

ComboFix2.txt 2012-11-14 20:58

ComboFix3.txt 2012-11-14 19:29

ComboFix4.txt 2011-10-03 20:22

.

Pre-Run: 30,018,621,440 bytes free

Post-Run: 29,947,789,312 bytes free

.

- - End Of File - - 983223ABADDBCBF009C3DC84DE16486C

Link to post
Share on other sites

  • Staff

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.


  • FBI Cyber Education Letter
    File sharing infects 500,000 computers
    USAToday
    infoworld

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job


  • Programs to remove

  • µTorrent
    Java 7 Update 7


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :


  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware

    [*]then click Finish.

    [*]If an update is found, it will download and install the latest version.

    [*]Once the program has loaded, select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

"information and logs"


  • In your next post I need the following

    1. Log From MBAM
    2. report from Hijackthis
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo

Link to post
Share on other sites

Thanks Gringo -- here are the logs. The computer is running a little better, still slow at some points. Also, Nothing is appearing on my desktop still. Even when I click send to desktop.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.15.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Colin :: COLIN-PC [administrator]

Protection: Enabled

11/14/2012 10:11:35 PM

mbam-log-2012-11-14 (22-11-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223766

Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Users\Colin\Downloads\DownloadManager_Setup(1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

C:\Users\Colin\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

C:\Users\Colin\Downloads\mplayer_1193.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:19:46 PM, on 11/14/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Users\Colin\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [D3DOverrider] "C:\D3DOverrider\D3DOverriderWrapper.exe" /s

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-21-2086934428-1904327760-3196116789-1001\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED (User '?')

O4 - S-1-5-21-2086934428-1904327760-3196116789-1001 Startup: Intel® Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (User '?')

O4 - Startup: Intel® Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9880 bytes

Link to post
Share on other sites

The unhide was unable to recover the icons and gave me this log:

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 11/14/2012 11:21:02 PM

Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 260798 files processed.

Processing the G:\ drive

Finished processing the G:\ drive. 3 files processed.

The C:\Users\Colin\AppData\Local\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

* HideIcons was set to 1! It was set back to 0!

Restarting Explorer.exe in order to apply changes.

Program finished at: 11/14/2012 11:23:52 PM

Execution time: 0 hours(s), 2 minute(s), and 50 seconds(s)

Link to post
Share on other sites

  • Staff

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

    [*]Please post the contents of OTL.txt in your next reply.

Gringo

Link to post
Share on other sites

Sorry this is keeping you Gringo -- You've been great in support. When I restarted after the unhide application, windows updated 2 files. During restart, it said something about updating registry files on the Black Windows screen, not sure if that helps.

Here is the latest log from OTL.

oOTL logfile created on: 11/14/2012 11:32:20 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Colin\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 72.89% Memory free

15.83 Gb Paging File | 13.48 Gb Available in Paging File | 85.18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 452.47 Gb Total Space | 32.24 Gb Free Space | 7.13% Space Free | Partition Type: NTFS

Drive G: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: COLIN-PC | User Name: Colin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Colin\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0beca50c12eaf6f0bff6236eb72cc36e\IAStorCommon.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6735246d68993bee06abd24deeb32983\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)

SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}

IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Colin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Colin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 15:20:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/23 20:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Extensions

[2012/10/23 12:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions

[2012/04/23 11:26:52 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com

[2012/10/27 15:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/27 15:20:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/30 19:02:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/13 16:14:50 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\23.0.1271.60\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\23.0.1271.60\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\23.0.1271.60\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Evernote Web Clipper = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.7_0\

CHR - Extension: Gmail = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/14 13:27:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [D3DOverrider] C:\D3DOverrider\D3DOverriderWrapper.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149F73DE-6C21-4612-BDC1-27DE7C9DFD27}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A430ED-4DA1-4791-A4A6-B95DC9757DBA}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/14 22:11:01 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Malwarebytes

[2012/11/14 22:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/14 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/14 22:10:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/11/14 22:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/14 22:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/11/14 22:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/11/14 22:04:58 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/11/14 22:04:52 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/11/14 22:04:52 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/11/14 22:04:52 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/11/14 22:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/11/14 22:01:31 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012/11/14 22:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2012/11/14 21:55:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/14 20:31:11 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/14 13:27:39 | 000,000,000 | ---D | C] -- C:\FRST

[2012/11/14 13:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/14 13:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/14 13:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/14 13:20:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/14 13:20:05 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\Colin\Desktop\ComboFix.exe

[2012/11/14 13:14:30 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\RK_Quarantine

[2012/11/14 13:05:41 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/11/14 13:05:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/11/14 13:01:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/11/14 13:01:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/11/14 13:01:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/11/14 13:01:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/11/14 13:01:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/11/14 13:01:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/11/14 13:01:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/11/14 13:01:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/11/14 13:01:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/11/14 13:01:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/11/14 13:01:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/11/14 13:01:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/11/14 13:01:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/11/14 13:01:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/11/14 13:01:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/11/14 12:59:33 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/11/14 12:59:32 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/11/14 12:59:32 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/11/14 12:59:32 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/11/13 22:01:18 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/13 22:01:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/13 22:01:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/13 22:01:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/13 22:01:14 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/13 22:01:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/13 22:01:13 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/13 22:01:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/13 22:01:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/13 22:01:02 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/13 22:01:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/11/12 08:07:51 | 000,000,000 | ---D | C] -- C:\Users\Colin\Savages UNRATED (2012)

[2012/11/11 07:09:07 | 000,000,000 | ---D | C] -- C:\Users\Colin\Workingmans.Death.2005.PAL.DVDR

[2012/11/05 16:30:55 | 000,000,000 | ---D | C] -- C:\Users\Colin\Putty Hill 2010.DVDRip.XviD-playXD

[2012/11/05 12:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/11/05 12:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012/10/29 17:57:52 | 000,000,000 | ---D | C] -- C:\Users\Colin\The Interrupters 2011 720p BRRip x264 AC3-26K

[2012/10/27 15:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/11/14 23:30:46 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/14 23:30:46 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/14 23:29:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/14 23:28:37 | 000,416,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/14 23:28:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/14 23:27:54 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/14 23:23:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/14 23:20:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/14 22:45:36 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001UA.job

[2012/11/14 22:45:34 | 000,002,372 | ---- | M] () -- C:\Users\Colin\Desktop\Google Chrome.lnk

[2012/11/14 22:44:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2086934428-1904327760-3196116789-1001Core.job

[2012/11/14 22:19:15 | 000,001,485 | ---- | M] () -- C:\Users\Colin\Desktop\HijackThis - Shortcut.lnk

[2012/11/14 22:10:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/14 22:06:17 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/11/14 22:04:47 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/11/14 22:04:44 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012/11/14 22:04:44 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/11/14 22:04:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/11/14 22:04:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/11/14 22:01:31 | 000,001,270 | ---- | M] () -- C:\Users\Colin\Desktop\Revo Uninstaller.lnk

[2012/11/14 20:23:25 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/14 20:23:25 | 000,663,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/14 20:23:25 | 000,122,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/14 14:41:15 | 000,001,485 | ---- | M] () -- C:\Users\Colin\Desktop\adwcleaner - Shortcut.lnk

[2012/11/14 14:35:20 | 000,000,512 | ---- | M] () -- C:\Users\Colin\Documents\MBR.dat

[2012/11/14 13:27:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/14 13:20:15 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\Colin\Desktop\ComboFix.exe

[2012/11/14 13:01:07 | 000,001,494 | ---- | M] () -- C:\Users\Colin\Desktop\RogueKiller - Shortcut.lnk

[2012/11/12 14:30:28 | 000,077,560 | ---- | M] () -- C:\Users\Colin\Documents\Admin Assistant Cover Letter - Investment Firm.pdf

[2012/11/12 14:24:08 | 000,078,166 | ---- | M] () -- C:\Users\Colin\Documents\News Agent Asisstant Cover Letter.pdf

[2012/11/09 12:47:56 | 000,001,642 | ---- | M] () -- C:\Users\Colin\Desktop\FM 13.lnk

[2012/11/05 13:06:31 | 000,076,449 | ---- | M] () -- C:\Users\Colin\Documents\Internet Marketing Cover - Colin Lindsey.pdf

[2012/11/05 12:51:25 | 000,076,658 | ---- | M] () -- C:\Users\Colin\Documents\Legal Assistant Cover Letter.pdf

[2012/11/05 12:43:48 | 000,074,549 | ---- | M] () -- C:\Users\Colin\Documents\Human Resources Clerk Cover Letter.pdf

[2012/11/02 13:28:26 | 000,076,427 | ---- | M] () -- C:\Users\Colin\Documents\Administrative Assistant Cover Letter.pdf

[2012/11/02 13:24:09 | 000,078,890 | ---- | M] () -- C:\Users\Colin\Documents\OnForce Solar Cover Letter - Colin Lindsey.pdf

[2012/11/02 13:14:28 | 000,076,001 | ---- | M] () -- C:\Users\Colin\Documents\Extreme Reach Cover Letter - Colin Lindsey.pdf

[2012/10/29 11:14:28 | 000,076,896 | ---- | M] () -- C:\Users\Colin\Documents\Front Office Assistant Cover Letter.pdf

[2012/10/29 11:08:33 | 000,079,401 | ---- | M] () -- C:\Users\Colin\Documents\Mt Sequoyah Cover Letter - Colin Lindsey.pdf

[2012/10/25 14:11:21 | 000,078,633 | ---- | M] () -- C:\Users\Colin\Documents\Madoff Productions Cover Letter - Colin Lindsey.pdf

[2012/10/25 13:56:04 | 000,077,767 | ---- | M] () -- C:\Users\Colin\Documents\NonProfit Events Cover Letter - Colin Lindsey.pdf

[2012/10/25 13:30:25 | 000,079,276 | ---- | M] () -- C:\Users\Colin\Documents\Law Offices of Marian Polovy Cover Letter - Colin Lindsey.pdf

[2012/10/23 15:43:06 | 000,076,738 | ---- | M] () -- C:\Users\Colin\Documents\Government Affairs Assistant Cover Letter.pdf

[2012/10/23 12:08:43 | 000,079,486 | ---- | M] () -- C:\Users\Colin\Documents\Voxy Cover Letter.pdf

[2012/10/22 17:49:24 | 000,076,928 | ---- | M] () -- C:\Users\Colin\Documents\IT Consulting Firm Cover Letter.pdf

[2012/10/17 14:10:41 | 000,077,441 | ---- | M] () -- C:\Users\Colin\Documents\Admin Assistant Cover Letter.pdf

[2012/10/17 14:06:24 | 000,074,091 | ---- | M] () -- C:\Users\Colin\Documents\Hostel Cover Letter.pdf

[2012/10/17 13:51:54 | 000,076,759 | ---- | M] () -- C:\Users\Colin\Documents\Background Investigator Cover Letter.pdf

[2012/10/17 13:28:25 | 000,079,166 | ---- | M] () -- C:\Users\Colin\Documents\LEAP NYC Cover Letter.pdf

[2012/10/16 11:22:49 | 000,079,153 | ---- | M] () -- C:\Users\Colin\Documents\Public Knowlege Cover Letter.pdf

[2012/10/16 11:11:01 | 000,079,513 | ---- | M] () -- C:\Users\Colin\Documents\Washington Area Community Investment Fund Cover.pdf

[2012/10/16 10:43:37 | 000,078,726 | ---- | M] () -- C:\Users\Colin\Documents\The Brookings Institution Cover Letter.pdf

========== Files Created - No Company Name ==========

[2012/11/14 22:18:30 | 000,001,485 | ---- | C] () -- C:\Users\Colin\Desktop\HijackThis - Shortcut.lnk

[2012/11/14 22:10:56 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/14 22:06:17 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/11/14 22:01:31 | 000,001,270 | ---- | C] () -- C:\Users\Colin\Desktop\Revo Uninstaller.lnk

[2012/11/14 14:15:42 | 000,000,512 | ---- | C] () -- C:\Users\Colin\Documents\MBR.dat

[2012/11/14 13:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/14 13:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/14 13:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/14 13:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/14 13:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/14 13:05:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/14 13:01:07 | 000,001,494 | ---- | C] () -- C:\Users\Colin\Desktop\RogueKiller - Shortcut.lnk

[2012/11/14 12:59:55 | 000,001,485 | ---- | C] () -- C:\Users\Colin\Desktop\adwcleaner - Shortcut.lnk

[2012/11/14 12:59:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/12 14:30:28 | 000,077,560 | ---- | C] () -- C:\Users\Colin\Documents\Admin Assistant Cover Letter - Investment Firm.pdf

[2012/11/12 14:24:08 | 000,078,166 | ---- | C] () -- C:\Users\Colin\Documents\News Agent Asisstant Cover Letter.pdf

[2012/11/09 12:47:56 | 000,001,642 | ---- | C] () -- C:\Users\Colin\Desktop\FM 13.lnk

[2012/11/05 13:06:30 | 000,076,449 | ---- | C] () -- C:\Users\Colin\Documents\Internet Marketing Cover - Colin Lindsey.pdf

[2012/11/05 12:43:48 | 000,074,549 | ---- | C] () -- C:\Users\Colin\Documents\Human Resources Clerk Cover Letter.pdf

[2012/11/05 12:33:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2012/11/02 13:23:35 | 000,078,890 | ---- | C] () -- C:\Users\Colin\Documents\OnForce Solar Cover Letter - Colin Lindsey.pdf

[2012/11/02 13:14:05 | 000,076,001 | ---- | C] () -- C:\Users\Colin\Documents\Extreme Reach Cover Letter - Colin Lindsey.pdf

[2012/10/29 11:14:28 | 000,076,896 | ---- | C] () -- C:\Users\Colin\Documents\Front Office Assistant Cover Letter.pdf

[2012/10/29 11:08:32 | 000,079,401 | ---- | C] () -- C:\Users\Colin\Documents\Mt Sequoyah Cover Letter - Colin Lindsey.pdf

[2012/10/25 14:11:20 | 000,078,633 | ---- | C] () -- C:\Users\Colin\Documents\Madoff Productions Cover Letter - Colin Lindsey.pdf

[2012/10/25 13:56:03 | 000,077,767 | ---- | C] () -- C:\Users\Colin\Documents\NonProfit Events Cover Letter - Colin Lindsey.pdf

[2012/10/25 13:30:25 | 000,079,276 | ---- | C] () -- C:\Users\Colin\Documents\Law Offices of Marian Polovy Cover Letter - Colin Lindsey.pdf

[2012/10/23 15:43:05 | 000,076,738 | ---- | C] () -- C:\Users\Colin\Documents\Government Affairs Assistant Cover Letter.pdf

[2012/10/23 12:08:23 | 000,079,486 | ---- | C] () -- C:\Users\Colin\Documents\Voxy Cover Letter.pdf

[2012/10/22 17:49:23 | 000,076,928 | ---- | C] () -- C:\Users\Colin\Documents\IT Consulting Firm Cover Letter.pdf

[2012/10/22 17:32:40 | 000,076,427 | ---- | C] () -- C:\Users\Colin\Documents\Administrative Assistant Cover Letter.pdf

[2012/10/17 14:10:41 | 000,077,441 | ---- | C] () -- C:\Users\Colin\Documents\Admin Assistant Cover Letter.pdf

[2012/10/17 14:06:24 | 000,074,091 | ---- | C] () -- C:\Users\Colin\Documents\Hostel Cover Letter.pdf

[2012/10/17 13:51:54 | 000,076,759 | ---- | C] () -- C:\Users\Colin\Documents\Background Investigator Cover Letter.pdf

[2012/10/17 13:28:24 | 000,079,166 | ---- | C] () -- C:\Users\Colin\Documents\LEAP NYC Cover Letter.pdf

[2012/10/16 11:22:49 | 000,079,153 | ---- | C] () -- C:\Users\Colin\Documents\Public Knowlege Cover Letter.pdf

[2012/10/16 11:08:27 | 000,079,513 | ---- | C] () -- C:\Users\Colin\Documents\Washington Area Community Investment Fund Cover.pdf

[2012/10/16 10:43:36 | 000,078,726 | ---- | C] () -- C:\Users\Colin\Documents\The Brookings Institution Cover Letter.pdf

[2012/08/30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/03/07 15:33:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2012/02/23 22:03:34 | 000,000,121 | ---- | C] () -- C:\Users\Colin\webct_upload_applet.properties

[2012/02/23 22:03:34 | 000,000,099 | ---- | C] () -- C:\Users\Colin\jagex_runescape_preferences2.dat

[2012/02/23 22:03:34 | 000,000,046 | ---- | C] () -- C:\Users\Colin\jagex_runescape_preferences.dat

[2012/02/23 22:03:34 | 000,000,000 | ---- | C] () -- C:\Users\Colin\jagex__preferences3.dat

[2012/02/22 10:10:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/02/22 10:10:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/02/22 10:10:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012/02/22 10:10:37 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/02/22 10:10:36 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/02/10 10:10:51 | 000,799,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========

[2012/02/23 22:03:45 | 000,111,616 | ---- | C] ()(C:\Users\Colin\Documents\??? ?? ??? ?? (Colin Reply).doc) -- C:\Users\Colin\Documents\어학원 강사 계약서 도봉 (Colin Reply).doc

[2011/10/12 00:58:24 | 000,111,616 | ---- | M] ()(C:\Users\Colin\Documents\??? ?? ??? ?? (Colin Reply).doc) -- C:\Users\Colin\Documents\어학원 강사 계약서 도봉 (Colin Reply).doc

< End of report >

Link to post
Share on other sites

  • Staff

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png textbox. Do not include the word Code

    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4 - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    IE - HKU\S-1-5-21-2086934428-1904327760-3196116789-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...q={searchTerms}
    [2012/04/23 11:26:52 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com

    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

Link to post
Share on other sites

Here is the report after running OTL --- Icons still don't appear. Seems like the problem is still hidden somewhere.

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.

Registry value HKEY_USERS\S-1-5-21-2086934428-1904327760-3196116789-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.

File move failed. C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry key HKEY_USERS\S-1-5-21-2086934428-1904327760-3196116789-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.

C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\META-INF folder moved successfully.

C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\gen folder moved successfully.

C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\defaults\preferences folder moved successfully.

C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\defaults folder moved successfully.

C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\components folder moved successfully.

C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com\chrome folder moved successfully.

C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\b731jiqo.default\extensions\appbar@alot.com folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Colin\Downloads\cmd.bat deleted successfully.

C:\Users\Colin\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Colin

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Colin

->Flash cache emptied: 774 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11152012_115321

Files\Folders moved on Reboot...

File\Folder C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Gringo --

The icons now appear. After shutting down though, they again were not present on restart. I clicked on the "show icons" again when they came up.

Also, occasionaly my computer will suddenly start after it's been sleeping and the lid is closed with no power supply. Do you think this is related to a virus?

Link to post
Share on other sites

  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - HKUS\S-1-5-21-2086934428-1904327760-3196116789-1001\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED (User '?')

    [*] Close all open windows and browsers/email, etc...

    [*] Click on the "Fix Checked" button

    [*] When completed, close the application.

    • NOTE**You can research each of those lines
    >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start

    [*]When asked, allow the add/on to be installed

    • Click Start

    [*]Make sure that the option Remove found threats is unticked

    [*]Click on Advanced Settings, ensure the options

    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

    [*]Click Scan

    [*]wait for the virus definitions to be downloaded

    [*]Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo

Link to post
Share on other sites

  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.