
[Request] Please check my logs for infection


xerrex


I faced a similar issue to the one in the thread below:

http://forums.malwarebytes.org/index.php?showtopic=97991

Whenever I am online, PING.exe starts consuming >80% of my CPU resources.

If that isn't suspicious, I don't know what is. ._.

I followed some steps from the aforementioned thread, and ping.exe has not surfaced again so far.

I need confirmation that my laptop is clean.

Can someone decipher my MBAM and HijackThis logs?

TIA :)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:08:41 PM, on 11/3/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7505 bytes

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8075

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/3/2011 9:07:23 PM

mbam-log-2011-11-03 (21-07-23).txt

Scan type: Quick scan

Objects scanned: 170357

Time elapsed: 1 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Help, anyone? >.<


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8075

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/3/2011 7:36:52 PM

mbam-log-2011-11-03 (19-36-52).txt

Scan type: Quick scan

Objects scanned: 166349

Time elapsed: 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Apologies, I used the wrong log for the previous post.

Please use this one instead.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8105

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

11/7/2011 6:33:39 PM

mbam-log-2011-11-07 (18-33-39).txt

Scan type: Quick scan

Objects scanned: 171002

Time elapsed: 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by EC at 18:39:24 on 2011-11-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3704 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [showBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.disabled

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7E194F84-B79B-4AEA-8A46-BD4815ED346A} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7E194F84-B79B-4AEA-8A46-BD4815ED346A}\3594E4744554C4D223837303 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7E194F84-B79B-4AEA-8A46-BD4815ED346A}\7796C64616 : DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\EC\AppData\Roaming\Mozilla\Firefox\Profiles\5l65vswi.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Users\EC\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-3-3 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-28 102968]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-4 13592]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-3 1153368]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-4 2533400]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-11-07 10:32:28 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-07 10:18:08 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C940AF51-DC9B-48D9-983F-95C833B44CDB}\offreg.dll

2011-11-07 07:08:52 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C940AF51-DC9B-48D9-983F-95C833B44CDB}\mpengine.dll

2011-11-07 06:09:14 -------- d-----w- C:\Users\EC\AppData\Local\{BAD4D682-A194-4B6C-96F2-AFF152A0BA2C}

2011-11-07 06:09:04 -------- d-----w- C:\Users\EC\AppData\Local\{8E024B90-1302-4EE3-A0D9-DB3287A2D11A}

2011-11-07 06:09:04 -------- d-----w- C:\Users\EC\AppData\Local\{36E92C3D-90D5-44E0-9E90-011DA0C6B9D4}

2011-11-06 18:08:39 -------- d-----w- C:\Users\EC\AppData\Local\{527ECD2F-89B8-4682-81B7-641D93D87DE7}

2011-11-06 18:08:27 -------- d-----w- C:\Users\EC\AppData\Local\{C9F85C09-D2D6-43EE-B8A2-79988E2ED550}

2011-11-06 14:23:26 -------- d-----w- C:\Users\EC\Folder2

2011-11-06 12:18:37 -------- d-----w- C:\Users\EC\Folder1

2011-11-06 03:22:44 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-11-06 03:22:43 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-11-06 03:22:43 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-11-06 03:21:43 -------- d-----w- C:\Program Files\ATI Technologies

2011-11-06 03:21:42 -------- d-----w- C:\Program Files\ATI

2011-11-06 02:17:23 -------- d-----w- C:\Users\EC\AppData\Local\{D688C7D8-34C5-483B-9880-77A64674C887}

2011-11-06 02:17:13 -------- d-----w- C:\Users\EC\AppData\Local\{B9B92E59-5B27-439D-A16B-B78AB872B4BE}

2011-11-05 16:04:40 -------- d-----w- C:\Users\EC\AppData\Local\Chromium

2011-11-05 15:53:16 -------- d-----w- C:\FMRTE

2011-11-05 14:52:34 -------- d-----w- C:\Users\EC\dwhelper

2011-11-05 14:05:39 -------- d-----w- C:\Users\EC\AppData\Local\{4CA50ED3-D1E2-4FF1-AB7D-83BBDA7D7DD6}

2011-11-05 14:04:26 -------- d-----w- C:\Users\EC\AppData\Local\{C1B8455A-B8D6-4B03-9C15-753FB0EDE5D3}

2011-11-05 04:38:17 -------- d-----w- C:\Users\EC\vpworkspace

2011-11-05 03:08:42 114704 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2011-11-05 02:02:03 -------- d-----w- C:\Users\EC\AppData\Local\{7809B6B2-89EB-40AD-ACD8-7F456F5728C2}

2011-11-05 02:01:54 -------- d-----w- C:\Users\EC\AppData\Local\{096B294A-DBA0-4471-B713-1E96079A91D3}

2011-11-04 20:21:12 -------- d-----w- C:\Program Files (x86)\MSI Kombustor

2011-11-04 20:18:17 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll

2011-11-04 20:18:11 -------- d-----w- C:\Program Files (x86)\MSI Afterburner

2011-11-04 17:03:12 -------- d-----w- C:\Users\EC\AppData\Roaming\BatteryBar

2011-11-04 17:03:12 -------- d-----w- C:\Program Files\BatteryBar

2011-11-04 16:16:59 -------- d-----w- C:\ATI

2011-11-04 14:47:08 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-04 10:13:05 -------- d-----w- C:\Users\EC\AppData\Roaming\Wireshark

2011-11-04 09:55:24 -------- d-----w- C:\Program Files (x86)\WinPcap

2011-11-04 09:54:54 -------- d-----w- C:\Program Files\Wireshark

2011-11-04 07:36:59 -------- d-----w- C:\Users\EC\AppData\Local\{22E4A602-A575-43EF-A6A0-696AB20EE8BC}

2011-11-04 07:36:49 -------- d-----w- C:\Users\EC\AppData\Local\{EB7B50C5-09B3-4B69-9E3E-AC583021D390}

2011-11-04 04:09:01 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2011-11-04 04:03:42 -------- d-----w- C:\Windows\PCHEALTH

2011-11-04 04:01:01 557848 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2011-11-04 03:54:57 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys

2011-11-04 03:54:57 -------- d-----w- C:\Program Files\CPUID

2011-11-04 03:54:23 -------- d-----w- C:\Fraps

2011-11-04 03:09:28 -------- d-----w- C:\Program Files\CCleaner

2011-11-04 03:06:34 -------- d-----w- C:\Users\EC\visualparadigm

2011-11-04 03:05:50 -------- d-----w- C:\Program Files (x86)\VP Suite 5.3

2011-11-04 02:30:25 -------- d-----w- C:\Windows\ehome

2011-11-04 02:26:37 -------- d-----w- C:\ProgramData\Recovery

2011-11-04 01:56:38 -------- d-----w- C:\Users\EC\AppData\Local\{E39B8DA8-53E5-405C-8599-99DA17FC165D}

2011-11-04 01:56:28 -------- d-----w- C:\Users\EC\AppData\Local\{9E816279-360D-4FDD-95A5-ED6A1422932E}

2011-11-04 01:56:15 -------- d-----w- C:\Users\EC\Tracing

2011-11-04 01:51:34 -------- d-----w- C:\Users\EC\AppData\Local\Adobe

2011-11-04 01:50:30 -------- d-----w- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}

2011-11-04 01:49:49 -------- d-----w- C:\ProgramData\Uninstall

2011-11-04 01:49:41 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-11-04 01:48:20 -------- d-----w- C:\Windows\AutoKMS

2011-11-04 01:41:27 0 ----a-w- C:\Windows\ativpsrm.bin

2011-11-04 01:40:11 68608 ----a-w- C:\Windows\System32\AESTAR64.dll

2011-11-04 01:40:11 442368 ----a-w- C:\Windows\System32\AESTEC64.dll

2011-11-04 01:40:11 220672 ----a-w- C:\Windows\System32\HPToneCtrls64.dll

2011-11-04 01:40:11 162304 ----a-w- C:\Windows\System32\AESTAC64.dll

2011-11-04 01:40:10 90624 ----a-w- C:\Windows\System32\AESTCo64.dll

2011-11-04 01:40:10 487424 ----a-w- C:\Windows\sttray64.exe

2011-11-04 01:40:10 3309568 ----a-w- C:\Windows\System32\stlang64.dll

2011-11-04 01:40:10 12547584 ----a-w- C:\Windows\System32\idtcpl64.cpl

2011-11-04 01:40:09 -------- d-----w- C:\Windows\System32\SRSLabs

2011-11-04 01:39:44 209920 ----a-w- C:\Windows\System32\staco64.dll

2011-11-04 01:39:41 -------- d-----w- C:\Program Files\IDT

2011-11-04 01:39:27 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-11-04 01:39:15 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2011-11-04 01:39:09 -------- d-----w- C:\ProgramData\AmUStor

2011-11-04 01:39:09 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun

2011-11-04 01:38:51 -------- d-----w- C:\Intel

2011-11-04 01:38:24 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-11-04 01:38:24 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-11-04 01:38:24 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-11-04 01:38:20 -------- d-----w- C:\Program Files (x86)\Realtek

2011-11-04 01:38:13 -------- d-----w- C:\Program Files\Synaptics

2011-11-04 01:37:30 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-11-04 01:36:51 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys

2011-11-04 01:36:51 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys

2011-11-04 01:36:51 21160 ----a-w- C:\Windows\System32\drivers\btwrchid.sys

2011-11-04 01:36:51 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys

2011-11-04 01:36:45 -------- d-----w- C:\Program Files\WIDCOMM

2011-11-04 01:36:37 -------- d-----w- C:\Windows\Hewlett-Packard

2011-11-04 01:35:29 787456 ----a-w- C:\Windows\System32\NETw5c64.dll

2011-11-04 01:35:29 7675392 ----a-w- C:\Windows\System32\drivers\NETw5s64.sys

2011-11-04 01:35:29 2747904 ----a-w- C:\Windows\System32\NETw5r64.dll

2011-11-04 01:35:25 -------- d-sh--w- C:\Windows\Installer

2011-11-03 18:46:03 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-11-03 18:23:57 -------- d-----w- C:\Windows\System32\SPReview

2011-11-03 18:23:43 -------- d-----w- C:\Windows\System32\EventProviders

2011-11-03 18:15:59 751104 ----a-w- C:\Windows\System32\win32spl.dll

2011-11-03 18:14:55 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-11-03 18:14:55 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2011-11-03 18:14:54 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-11-03 18:14:21 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-11-03 18:14:21 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2011-11-03 18:14:17 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2011-11-03 17:42:59 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2011-11-03 17:42:40 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-11-03 17:42:04 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2011-11-03 17:31:08 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-11-03 17:31:07 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-11-03 17:31:07 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-11-03 17:31:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-11-03 17:31:07 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-11-03 17:09:44 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-11-03 16:09:47 -------- d-----w- C:\Windows\SysWow64\Wat

2011-11-03 16:09:47 -------- d-----w- C:\Windows\System32\Wat

2011-11-03 15:29:43 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2011-11-03 15:29:41 -------- d-----w- C:\Windows\SHELLNEW

2011-11-03 14:56:30 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-11-03 14:18:07 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-11-03 14:18:07 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-11-03 14:18:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-03 14:18:05 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-03 14:16:59 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-11-03 13:56:50 -------- d-----w- C:\Users\EC\.netbeans-derby

2011-11-03 13:53:48 -------- d-----w- C:\Users\EC\.m2

2011-11-03 13:53:18 -------- d-----w- C:\Users\EC\.netbeans

2011-11-03 13:50:55 -------- d-----w- C:\Program Files\NetBeans 7.0.1

2011-11-03 13:49:50 -------- d-----w- C:\Program Files (x86)\Softnyx

2011-11-03 13:48:14 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-03 13:42:59 -------- d-----w- C:\Users\EC\.nbi

2011-11-03 13:42:37 -------- d-----w- C:\Program Files (x86)\Sun

2011-11-03 13:40:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-03 13:37:13 -------- d-----w- C:\Users\EC\AppData\Local\SKIDROW

2011-11-03 13:37:12 -------- d-----w- C:\Users\EC\AppData\Roaming\Sports Interactive

2011-11-03 13:37:12 -------- d-----w- C:\Users\EC\AppData\Local\Sports Interactive

2011-11-03 13:32:38 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-11-03 13:32:24 -------- d-----w- C:\Windows\SysWow64\directx

2011-11-03 13:06:52 388096 ----a-r- C:\Users\EC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-03 13:06:51 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-03 12:51:58 -------- d-----w- C:\$RECYCLE.BIN

2011-11-03 12:19:58 -------- d-----w- C:\Program Files (x86)\SEGA

2011-11-03 12:17:49 -------- d-----w- C:\Program Files (x86)\VideoLAN

2011-11-03 12:17:00 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2011-11-03 12:16:57 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2011-11-03 12:12:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-03 12:09:51 -------- d-----w- C:\Program Files (x86)\FIFA 12

2011-11-03 11:52:07 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-11-03 11:52:00 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-11-03 11:51:25 -------- d-----w- C:\Users\EC\AppData\Roaming\DAEMON Tools Lite

2011-11-03 11:51:22 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2011-11-03 11:48:48 -------- d-----w- C:\Users\EC\AppData\Local\Google

2011-11-03 11:46:23 -------- d-----w- C:\Users\EC\AppData\Local\Windows Live

2011-11-03 11:46:23 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-11-03 11:45:31 -------- d-----w- C:\Program Files (x86)\uTorrent

2011-11-03 11:45:05 -------- d-----w- C:\Users\EC\AppData\Roaming\uTorrent

2011-11-03 11:45:05 -------- d-----w- C:\Users\EC\AppData\Local\uTorrent

2011-11-03 11:35:48 -------- d-----w- C:\Users\EC\AppData\Roaming\Malwarebytes

2011-11-03 11:33:27 -------- d-----w- C:\Users\EC\AppData\Roaming\GlarySoft

2011-11-03 11:30:36 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-03 11:30:33 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-03 11:30:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-03 11:30:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-11-03 11:29:58 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-11-03 11:29:20 -------- d-----w- C:\Program Files (x86)\Glary Utilities

2011-11-03 11:25:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-03 11:25:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-03 11:20:20 -------- d-----w- C:\Users\EC\AppData\Local\Microsoft Help

2011-11-03 11:07:52 -------- d-----w- C:\Users\EC\AppData\Roaming\Roxio Log Files

2011-11-03 11:07:01 -------- d-----w- C:\Users\EC\AppData\Roaming\hpqLog

2011-11-03 11:06:52 -------- d-----w- C:\Users\EC\AppData\Local\ATI

2011-10-22 11:21:42 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2011-10-22 11:21:38 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2011-10-12 20:56:18 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-10-12 20:20:20 24629760 ----a-w- C:\Windows\System32\atio6axx.dll

2011-10-12 20:14:36 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-10-12 20:14:26 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-10-12 20:13:00 867328 ----a-w- C:\Windows\System32\aticfx64.dll

2011-10-12 20:10:28 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-10-12 20:10:18 487936 ----a-w- C:\Windows\System32\atieclxx.exe

2011-10-12 20:09:44 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-10-12 20:08:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-10-12 20:08:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-10-12 20:08:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-10-12 20:07:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-10-12 20:07:54 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-12 20:07:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-10-12 20:07:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-10-12 20:04:14 18630656 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-10-12 19:46:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-10-12 19:46:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-10-12 19:46:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-10-12 19:46:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-10-12 19:45:58 9877504 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-10-12 19:44:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-10-12 19:44:28 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-10-12 19:44:20 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-10-12 19:42:56 8391680 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-10-12 19:33:10 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-10-12 19:31:34 479744 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-10-12 19:31:22 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-10-12 19:31:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-10-12 19:31:02 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-10-12 19:31:02 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-10-12 19:30:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-10-12 19:30:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-10-12 19:30:42 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-10-12 19:29:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-10-12 19:28:30 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-10-12 08:16:36 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-10-12 08:16:30 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-10-12 08:16:22 16787456 ----a-w- C:\Windows\System32\amdocl64.dll

2011-10-12 08:15:40 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-10-12 08:14:54 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-10-12 08:14:50 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

.

==================== Find3M ====================

.

2011-11-03 18:35:39 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-11-03 18:35:39 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-10-12 20:04:42 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-10-12 19:54:44 4960768 ----a-w- C:\Windows\System32\atidxx64.dll

2011-10-12 19:44:10 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-10-12 19:39:38 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-10-12 19:38:20 5431808 ----a-w- C:\Windows\System32\atiumd64.dll

2011-10-12 19:29:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-10-12 19:29:42 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-10-12 19:29:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

.

============= FINISH: 18:39:48.39 ===============

Thanks for the assistance :)


  • Staff

xerrex,

I apologize for the delay.

Reddcurriz,

Please start your own topic and someone will assist you soon.

xerrex,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Screen,

Thanks for the reply.

Here are the logs.

TIA :)

ComboFix

ComboFix 11-11-18.01 - EC 11/18/2011 17:54:26.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.4325 [GMT 8:00]

Running from: c:\users\EC\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\settings.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))

.

.

2011-11-18 09:57 . 2011-11-18 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-18 09:51 . 2011-11-18 09:51 -------- d-----w- c:\windows\system32\Macromed

2011-11-18 09:50 . 2011-11-18 09:53 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E719A07-85EC-47F9-BF6A-0BF604F85007}\offreg.dll

2011-11-18 07:04 . 2011-10-06 13:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E719A07-85EC-47F9-BF6A-0BF604F85007}\mpengine.dll

2011-11-10 17:22 . 2011-11-10 17:22 -------- dc----w- c:\windows\system32\DRVSTORE

2011-11-10 17:22 . 2009-05-18 05:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-11-10 17:22 . 2008-04-17 04:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-11-10 17:22 . 2008-04-17 04:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\program files\iPod

2011-11-10 17:21 . 2011-11-10 17:22 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-11-10 17:21 . 2011-11-10 17:22 -------- d-----w- c:\program files\iTunes

2011-11-10 17:21 . 2011-11-10 17:22 -------- d-----w- c:\program files (x86)\iTunes

2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\programdata\Apple Computer

2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\program files\Common Files\Apple

2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\program files (x86)\Bonjour

2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\program files\Bonjour

2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\programdata\Apple

2011-11-10 16:50 . 2011-11-10 16:50 -------- dc-h--w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}

2011-11-10 16:50 . 2011-11-10 16:50 -------- d-----w- c:\program files (x86)\Stardock

2011-11-09 09:40 . 2011-11-09 09:40 -------- d-----w- c:\program files\Rainmeter

2011-11-08 22:13 . 2011-11-08 22:13 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-11-08 19:45 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-08 19:45 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-08 19:45 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-08 19:45 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys

2011-11-06 03:22 . 2011-11-06 03:22 -------- d-----w- c:\programdata\ATI

2011-11-06 03:22 . 2011-11-06 03:22 -------- d-----w- c:\program files (x86)\AMD APP

2011-11-06 03:22 . 2011-11-06 03:22 -------- d-----w- c:\program files\Common Files\ATI Technologies

2011-11-06 03:22 . 2011-11-06 03:22 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2011-11-06 03:21 . 2011-11-06 03:22 -------- d-----w- c:\program files\ATI Technologies

2011-11-06 03:21 . 2011-11-06 03:21 -------- d-----w- c:\program files\ATI

2011-11-05 15:53 . 2011-11-16 12:57 -------- d-----w- C:\FMRTE

2011-11-05 03:08 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

2011-11-04 20:21 . 2011-11-04 20:21 -------- d-----w- c:\program files (x86)\MSI Kombustor

2011-11-04 20:18 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll

2011-11-04 20:18 . 2011-11-10 04:30 -------- d-----w- c:\program files (x86)\MSI Afterburner

2011-11-04 17:03 . 2011-11-10 03:26 -------- d-----w- c:\program files\BatteryBar

2011-11-04 16:16 . 2011-11-04 16:16 -------- d-----w- C:\ATI

2011-11-04 14:47 . 2011-10-06 13:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-04 09:55 . 2011-11-04 09:55 -------- d-----w- c:\program files (x86)\WinPcap

2011-11-04 09:54 . 2011-11-04 09:55 -------- d-----w- c:\program files\Wireshark

2011-11-04 04:09 . 2011-11-04 04:09 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation

2011-11-04 04:03 . 2011-11-04 04:05 -------- d-----w- c:\program files (x86)\Windows Live

2011-11-04 04:03 . 2011-11-04 04:03 -------- d-----w- c:\windows\PCHEALTH

2011-11-04 04:01 . 2011-05-20 01:53 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys

2011-11-04 03:54 . 2011-11-04 03:54 -------- d-----w- c:\program files\CPUID

2011-11-04 03:54 . 2010-11-09 07:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys

2011-11-04 03:54 . 2011-11-04 03:54 -------- d-----w- C:\Fraps

2011-11-04 03:40 . 2011-11-04 03:40 -------- d-----w- c:\program files\7-Zip

2011-11-04 03:09 . 2011-11-04 03:09 -------- d-----w- c:\program files\CCleaner

2011-11-04 03:05 . 2011-11-06 15:01 -------- d-----w- c:\program files (x86)\VP Suite 5.3

2011-11-04 02:30 . 2011-11-04 02:30 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs

2011-11-04 02:30 . 2011-11-04 02:30 -------- d-----r- c:\users\Public\Recorded TV

2011-11-04 02:30 . 2011-11-03 18:39 -------- d-----w- c:\windows\ehome

2011-11-04 02:26 . 2011-11-04 01:57 -------- d-----w- c:\programdata\Hewlett-Packard

2011-11-04 02:26 . 2011-11-04 02:59 -------- d-----w- c:\programdata\Recovery

2011-11-04 01:53 . 2011-11-04 01:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-11-04 01:51 . 2011-11-04 01:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2011-11-04 01:51 . 2011-11-04 01:51 -------- d-----w- c:\windows\SysWow64\Macromed

2011-11-04 01:50 . 2011-11-04 01:50 -------- d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}

2011-11-04 01:49 . 2011-11-04 01:49 -------- d-----w- c:\programdata\Uninstall

2011-11-04 01:49 . 2011-11-04 01:49 -------- d-----w- c:\program files (x86)\Microsoft WSE

2011-11-04 01:49 . 2011-11-04 01:49 -------- d-----w- c:\programdata\Sonic

2011-11-04 01:49 . 2011-11-04 01:49 -------- d-----w- c:\programdata\Macrovision

2011-11-04 01:49 . 2011-11-03 12:05 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-11-04 01:48 . 2011-11-04 03:20 -------- d-----w- c:\windows\AutoKMS

2011-11-04 01:41 . 2011-11-04 01:41 0 ----a-w- c:\windows\ativpsrm.bin

2011-11-04 01:40 . 2010-01-14 07:38 220672 ----a-w- c:\windows\system32\HPToneCtrls64.dll

2011-11-04 01:40 . 2010-01-12 10:03 162304 ----a-w- c:\windows\system32\AESTAC64.dll

2011-11-04 01:40 . 2009-10-10 08:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll

2011-11-04 01:40 . 2009-03-03 09:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll

2011-11-04 01:40 . 2010-01-14 07:38 487424 ----a-w- c:\windows\sttray64.exe

2011-11-04 01:40 . 2010-01-14 07:38 3309568 ----a-w- c:\windows\system32\stlang64.dll

2011-11-04 01:40 . 2010-01-14 07:38 12547584 ----a-w- c:\windows\system32\idtcpl64.cpl

2011-11-04 01:40 . 2009-03-03 09:47 90624 ----a-w- c:\windows\system32\AESTCo64.dll

2011-11-04 01:40 . 2011-11-04 01:40 -------- d-----w- c:\windows\system32\SRSLabs

2011-11-04 01:39 . 2010-01-14 07:38 209920 ----a-w- c:\windows\system32\staco64.dll

2011-11-04 01:39 . 2011-11-04 01:40 -------- d-----w- c:\program files\IDT

2011-11-04 01:39 . 2011-08-31 07:20 53248 ----a-w- c:\windows\SysWow64\CSVer.dll

2011-11-04 01:39 . 2011-11-04 01:39 -------- d-----w- c:\program files (x86)\Common Files\postureAgent

2011-11-04 01:39 . 2011-11-04 01:39 -------- d-----w- c:\program files (x86)\AmIcoSingLun

2011-11-04 01:39 . 2011-11-04 01:39 -------- d-----w- c:\programdata\AmUStor

2011-11-04 01:38 . 2011-11-04 04:02 -------- d-----w- c:\program files (x86)\Intel

2011-11-04 01:38 . 2011-11-04 01:57 -------- d-----w- C:\Intel

2011-11-04 01:38 . 2010-03-05 05:43 346144 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-11-04 01:38 . 2010-01-06 08:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2011-11-04 01:38 . 2009-12-04 01:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-11-04 01:38 . 2011-11-04 01:38 -------- d-----w- c:\program files (x86)\Realtek

2011-11-04 01:38 . 2011-11-03 11:17 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2011-11-04 01:38 . 2011-11-04 01:38 -------- d-----w- c:\program files\Synaptics

2011-11-04 01:37 . 2011-11-06 03:21 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-11-04 01:36 . 2010-01-07 18:22 21160 ----a-w- c:\windows\system32\drivers\btwrchid.sys

2011-11-04 01:36 . 2010-01-07 18:22 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys

2011-11-04 01:36 . 2010-01-07 18:22 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys

2011-11-04 01:36 . 2010-01-07 18:22 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys

2011-11-04 01:36 . 2011-11-04 01:36 -------- d-----w- c:\program files\WIDCOMM

2011-11-04 01:36 . 2011-11-04 01:36 -------- d-----w- c:\program files\DIFX

2011-11-04 01:36 . 2011-11-04 01:49 -------- d-----w- c:\windows\Hewlett-Packard

2011-11-04 01:36 . 2011-11-03 11:14 -------- d-----w- c:\program files\Hewlett-Packard

2011-11-04 01:35 . 2010-02-01 19:12 787456 ----a-w- c:\windows\system32\NETw5c64.dll

2011-11-04 01:35 . 2010-02-01 19:12 7675392 ----a-w- c:\windows\system32\drivers\NETw5s64.sys

2011-11-04 01:35 . 2010-02-01 19:12 2747904 ----a-w- c:\windows\system32\NETw5r64.dll

2011-11-04 01:35 . 2011-11-03 11:17 -------- d-----w- c:\program files (x86)\Hewlett-Packard

2011-11-04 01:35 . 2011-11-10 17:22 -------- d-sh--w- c:\windows\Installer

2011-11-03 18:46 . 2011-11-03 18:46 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-11-03 18:23 . 2011-11-03 18:23 -------- d-----w- c:\windows\system32\SPReview

2011-11-03 18:23 . 2011-11-03 18:23 -------- d-----w- c:\windows\system32\EventProviders

2011-11-03 18:15 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys

2011-11-03 18:14 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-11-03 18:14 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll

2011-11-03 18:14 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-11-03 18:14 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-11-03 18:14 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2011-11-03 18:14 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2011-11-03 17:42 . 2011-11-03 17:42 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-11-03 17:42 . 2011-11-03 17:42 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2011-11-03 17:42 . 2011-11-03 17:42 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2011-11-03 17:42 . 2011-11-03 17:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2011-11-03 17:41 . 2011-11-03 17:41 -------- d-----r- C:\MSOCache

2011-11-03 17:31 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-11-03 17:31 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-11-03 17:31 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-11-03 17:31 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-04 04:03 . 2011-03-28 10:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-03 18:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-11-03 18:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-10-12 20:56 . 2011-10-12 20:56 10207232 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-10-12 20:20 . 2011-10-12 20:20 24629760 ----a-w- c:\windows\system32\atio6axx.dll

2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-10-12 20:14 . 2011-10-12 20:14 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-10-12 20:13 . 2011-10-12 20:13 867328 ----a-w- c:\windows\system32\aticfx64.dll

2011-10-12 20:10 . 2011-10-12 20:10 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-10-12 20:10 . 2011-10-12 20:10 487936 ----a-w- c:\windows\system32\atieclxx.exe

2011-10-12 20:09 . 2011-10-12 20:09 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-10-12 20:08 . 2011-10-12 20:08 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-10-12 20:08 . 2011-10-12 20:08 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-10-12 20:07 . 2011-10-12 20:07 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-10-12 20:07 . 2011-10-12 20:07 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-10-12 20:04 . 2010-09-09 06:22 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-10-12 19:54 . 2010-09-09 06:14 4960768 ----a-w- c:\windows\system32\atidxx64.dll

2011-10-12 19:46 . 2011-10-12 19:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-10-12 19:46 . 2011-10-12 19:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-10-12 19:45 . 2011-10-12 19:45 9877504 ----a-w- c:\windows\system32\aticaldd64.dll

2011-10-12 19:44 . 2011-10-12 19:44 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-10-12 19:44 . 2011-10-12 19:44 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-10-12 19:44 . 2010-09-09 06:06 4023296 ----a-w- c:\windows\system32\atiumd6a.dll

2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-10-12 19:39 . 2010-03-10 06:56 58880 ----a-w- c:\windows\system32\coinst.dll

2011-10-12 19:38 . 2010-09-09 05:59 5431808 ----a-w- c:\windows\system32\atiumd64.dll

2011-10-12 19:33 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-10-12 19:31 . 2011-10-12 19:31 479744 ----a-w- c:\windows\system32\atiadlxx.dll

2011-10-12 19:31 . 2011-10-12 19:31 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-10-12 19:31 . 2011-10-12 19:31 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-10-12 19:30 . 2011-10-12 19:30 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-10-12 19:30 . 2011-10-12 19:30 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-10-12 19:29 . 2010-09-09 05:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll

2011-10-12 19:29 . 2010-09-09 05:52 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-10-12 19:29 . 2010-09-09 05:52 38912 ----a-w- c:\windows\system32\atiu9p64.dll

2011-10-12 19:29 . 2011-10-12 19:29 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-10-12 08:16 . 2011-10-12 08:16 66048 ----a-w- c:\windows\system32\OpenVideo64.dll

2011-10-12 08:16 . 2011-10-12 08:16 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2011-10-12 08:16 . 2011-10-12 08:16 16787456 ----a-w- c:\windows\system32\amdocl64.dll

2011-10-12 08:15 . 2011-10-12 08:15 13753856 ----a-w- c:\windows\SysWow64\amdocl.dll

2011-10-12 08:14 . 2011-10-12 08:14 51200 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-12 08:14 . 2011-10-12 08:14 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-08-30 15:05 . 2011-08-30 15:05 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 15:05 . 2011-08-30 15:05 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 15:05 . 2011-08-30 15:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 15:05 . 2011-08-30 15:05 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-30 15:05 . 2011-08-30 15:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-08-30 15:05 . 2011-08-30 15:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-08-30 15:05 . 2011-08-30 15:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-08-30 15:05 . 2011-08-30 15:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk.disabled [2011-11-4 848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 GPU-Z;GPU-Z;c:\users\EC\AppData\Local\Temp\GPU-Z.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-18 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2011-11-04 01:48]

.

2011-11-18 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2011-11-03 05:08]

.

2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-948989516-102573581-3280785676-1000Core.job

- c:\users\EC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 11:48]

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-948989516-102573581-3280785676-1000UA.job

- c:\users\EC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 11:48]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-10 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-10 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-10 410648]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\EC\AppData\Roaming\Mozilla\Firefox\Profiles\5l65vswi.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-18 17:59:08

ComboFix-quarantined-files.txt 2011-11-18 09:59

ComboFix2.txt 2011-11-03 12:54

.

Pre-Run: 64,286,220,288 bytes free

Post-Run: 63,873,978,368 bytes free

.

- - End Of File - - E3D2EB396F3C3537E840AF6D23D4DD42

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by EC at 18:03:47 on 2011-11-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3844 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [showBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.disabled

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7E194F84-B79B-4AEA-8A46-BD4815ED346A} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7E194F84-B79B-4AEA-8A46-BD4815ED346A}\3594E4744554C4D223837303 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7E194F84-B79B-4AEA-8A46-BD4815ED346A}\7796C64616 : DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88

TCP: Interfaces\{7E194F84-B79B-4AEA-8A46-BD4815ED346A}\E45535F40554E4 : DhcpNameServer = 137.132.0.254 137.132.0.252

TCP: Interfaces\{EA3C0C87-00E7-4E6F-9BFE-3E51BF2FA6E4} : DhcpNameServer = 203.116.1.94 203.116.254.150

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\EC\AppData\Roaming\Mozilla\Firefox\Profiles\5l65vswi.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Users\EC\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-3-3 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-28 102968]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-4 13592]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-3 1153368]

R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-4 2533400]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-11-18 09:53:24 98816 ----a-w- C:\Windows\sed.exe

2011-11-18 09:53:24 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-18 09:53:24 256000 ----a-w- C:\Windows\PEV.exe

2011-11-18 09:53:24 208896 ----a-w- C:\Windows\MBR.exe

2011-11-18 09:50:30 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E719A07-85EC-47F9-BF6A-0BF604F85007}\offreg.dll

2011-11-18 07:04:13 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E719A07-85EC-47F9-BF6A-0BF604F85007}\mpengine.dll

2011-11-18 07:00:18 -------- d-----w- C:\Users\EC\AppData\Local\{470C9C6E-31ED-4359-B8E4-2DD77E35ABC8}

2011-11-18 07:00:17 -------- d-----w- C:\Users\EC\AppData\Local\{618C6D28-D9C7-4749-9E00-32B19B32208D}

2011-11-17 19:00:15 -------- d-----w- C:\Users\EC\AppData\Local\{EBF1FCCC-D376-4A36-A9F2-CFD8C17056FF}

2011-11-17 19:00:14 -------- d-----w- C:\Users\EC\AppData\Local\{E4CF5827-C499-471E-94FA-DA559A24F6AE}

2011-11-17 07:00:13 -------- d-----w- C:\Users\EC\AppData\Local\{DF49F80C-1709-403C-A3D1-F55B77014366}

2011-11-17 07:00:11 -------- d-----w- C:\Users\EC\AppData\Local\{EF075783-9480-4F09-A0AB-42B6EFD725C1}

2011-11-16 19:00:09 -------- d-----w- C:\Users\EC\AppData\Local\{2F4F901A-5A7D-48D4-94DF-F341AF356026}

2011-11-16 19:00:08 -------- d-----w- C:\Users\EC\AppData\Local\{F5D7D759-A6FA-4D44-8AEB-39F7D78BEE09}

2011-11-16 07:00:06 -------- d-----w- C:\Users\EC\AppData\Local\{72A38323-EE90-4EE4-9716-F29CF611355D}

2011-11-16 07:00:05 -------- d-----w- C:\Users\EC\AppData\Local\{73EF66AD-2099-42D5-B5CC-3A04032DC659}

2011-11-15 19:00:03 -------- d-----w- C:\Users\EC\AppData\Local\{824DD661-258C-4BAA-A896-F60DA850F644}

2011-11-15 19:00:01 -------- d-----w- C:\Users\EC\AppData\Local\{6BC7DC66-D095-4C94-A321-572257E6EE63}

2011-11-15 06:59:59 -------- d-----w- C:\Users\EC\AppData\Local\{816D05E4-A947-4518-9610-3B37D592FF83}

2011-11-15 06:59:59 -------- d-----w- C:\Users\EC\AppData\Local\{3D390518-9D06-45FF-BEE5-10E81A47FA46}

2011-11-14 20:52:05 -------- d-----w- C:\Users\EC\AppData\Local\{AA79ACE5-5D52-4FD6-A3C7-9DEFA8B0F757}

2011-11-14 08:51:50 -------- d-----w- C:\Users\EC\AppData\Local\{5E9FFBF0-2B46-4267-A2F1-C609397DA251}

2011-11-14 08:51:50 -------- d-----w- C:\Users\EC\AppData\Local\{50BCCEC8-544A-438E-A079-5114F80DC5C3}

2011-11-13 15:17:16 -------- d-----w- C:\Users\EC\AppData\Local\{481EEC43-BBA2-4CBE-AA48-2BA01DB6B2A3}

2011-11-13 15:17:15 -------- d-----w- C:\Users\EC\AppData\Local\{4CF0874C-1B85-4DD9-9AB2-5D46EA32D42A}

2011-11-13 03:17:13 -------- d-----w- C:\Users\EC\AppData\Local\{F2BE7A5B-5F28-4929-8BB6-332A09F5F346}

2011-11-13 03:17:12 -------- d-----w- C:\Users\EC\AppData\Local\{ECF91806-3A3F-4062-9AC4-18FD2B70B7C0}

2011-11-12 15:16:47 -------- d-----w- C:\Users\EC\AppData\Local\{04F6E789-951F-47DB-9FFB-393FC738E6FF}

2011-11-12 15:16:46 -------- d-----w- C:\Users\EC\AppData\Local\{94B47509-57F9-4212-A474-69F4980DC1C1}

2011-11-12 03:16:44 -------- d-----w- C:\Users\EC\AppData\Local\{E08953DB-4061-4B5F-88E9-F015ADD7D896}

2011-11-12 03:16:43 -------- d-----w- C:\Users\EC\AppData\Local\{20116A96-FFD6-4C55-AD30-81B516F32782}

2011-11-11 15:16:29 -------- d-----w- C:\Users\EC\AppData\Local\{F94D993F-6431-4578-92FD-3B9627906FF6}

2011-11-11 15:16:28 -------- d-----w- C:\Users\EC\AppData\Local\{6F77CA59-9363-4BCD-B9EA-70FF97964C38}

2011-11-11 03:16:13 -------- d-----w- C:\Users\EC\AppData\Local\{CEFFDB70-63FF-4596-A1C3-2182B84FE09D}

2011-11-11 03:16:13 -------- d-----w- C:\Users\EC\AppData\Local\{749FE61F-570B-4BEF-80F5-2B44C4681D60}

2011-11-10 17:22:07 -------- d-----w- C:\Users\EC\AppData\Local\Apple Computer

2011-11-10 17:22:05 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-11-10 17:22:05 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-11-10 17:22:05 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-11-10 17:21:42 -------- d-----w- C:\Program Files\iPod

2011-11-10 17:21:41 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-11-10 17:21:41 -------- d-----w- C:\Program Files\iTunes

2011-11-10 17:21:41 -------- d-----w- C:\Program Files (x86)\iTunes

2011-11-10 17:21:27 -------- d-----w- C:\Users\EC\AppData\Local\Apple

2011-11-10 17:21:15 -------- d-----w- C:\Program Files\Bonjour

2011-11-10 17:21:15 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-11-10 16:50:38 -------- d-----w- C:\Users\EC\AppData\Roaming\Stardock

2011-11-10 16:50:37 -------- dc-h--w- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}

2011-11-10 16:50:36 -------- d-----w- C:\Program Files (x86)\Stardock

2011-11-10 16:50:21 -------- d-----w- C:\Users\EC\AppData\Local\PackageAware

2011-11-10 15:16:11 -------- d-----w- C:\Users\EC\AppData\Local\{28302F5A-DA57-475B-A5F6-D1D60EB497DB}

2011-11-10 15:16:10 -------- d-----w- C:\Users\EC\AppData\Local\{36EA49AB-0061-463D-BCAB-64F16B3FC2AA}

2011-11-10 03:15:55 -------- d-----w- C:\Users\EC\AppData\Local\{499CE113-4E57-4D2D-A073-CB6269CD8414}

2011-11-10 03:15:55 -------- d-----w- C:\Users\EC\AppData\Local\{1D99992D-2C2F-41AF-9901-3FBE7FADE500}

2011-11-09 09:42:09 -------- d-----w- C:\Users\EC\AppData\Roaming\Rainmeter

2011-11-09 09:40:19 -------- d-----w- C:\Program Files\Rainmeter

2011-11-09 09:18:42 -------- d-----w- C:\Users\EC\AppData\Local\{36F0D9E8-4ABC-454F-AF01-59D45042215C}

2011-11-09 09:18:41 -------- d-----w- C:\Users\EC\AppData\Local\{02568884-88CF-4E66-B3B4-C05D3FFD7E44}

2011-11-08 22:13:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-11-08 20:45:05 -------- d-----w- C:\Users\EC\AppData\Local\{FAAEF4AF-2F5E-44B5-950F-8FD2A6C5DCCE}

2011-11-08 20:44:55 -------- d-----w- C:\Users\EC\AppData\Local\{6C87FC52-1B04-45B8-A108-5D356260C226}

2011-11-08 19:45:07 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-08 19:45:07 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-08 19:45:05 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-08 19:45:05 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-08 08:44:44 -------- d-----w- C:\Users\EC\AppData\Local\{3D7CFCEE-5870-49C9-817D-EE0B92FAF2F0}

2011-11-08 08:44:34 -------- d-----w- C:\Users\EC\AppData\Local\{9F6EF27C-B4E1-4824-A81C-EDEF74605FBB}

2011-11-07 18:09:47 -------- d-----w- C:\Users\EC\AppData\Local\{58C17ED0-45D7-4482-8059-F13F9A5EFF0B}

2011-11-07 18:09:37 -------- d-----w- C:\Users\EC\AppData\Local\{59D6D427-6C30-4883-8E1E-66A8C3D96D11}

2011-11-07 06:09:14 -------- d-----w- C:\Users\EC\AppData\Local\{BAD4D682-A194-4B6C-96F2-AFF152A0BA2C}

2011-11-07 06:09:04 -------- d-----w- C:\Users\EC\AppData\Local\{8E024B90-1302-4EE3-A0D9-DB3287A2D11A}

2011-11-07 06:09:04 -------- d-----w- C:\Users\EC\AppData\Local\{36E92C3D-90D5-44E0-9E90-011DA0C6B9D4}

2011-11-06 18:08:39 -------- d-----w- C:\Users\EC\AppData\Local\{527ECD2F-89B8-4682-81B7-641D93D87DE7}

2011-11-06 18:08:27 -------- d-----w- C:\Users\EC\AppData\Local\{C9F85C09-D2D6-43EE-B8A2-79988E2ED550}

2011-11-06 14:23:26 -------- d-----w- C:\Users\EC\Folder2

2011-11-06 12:18:37 -------- d-----w- C:\Users\EC\Folder1

2011-11-06 03:22:44 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-11-06 03:22:43 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-11-06 03:22:43 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-11-06 03:21:43 -------- d-----w- C:\Program Files\ATI Technologies

2011-11-06 03:21:42 -------- d-----w- C:\Program Files\ATI

2011-11-06 02:17:23 -------- d-----w- C:\Users\EC\AppData\Local\{D688C7D8-34C5-483B-9880-77A64674C887}

2011-11-06 02:17:13 -------- d-----w- C:\Users\EC\AppData\Local\{B9B92E59-5B27-439D-A16B-B78AB872B4BE}

2011-11-05 16:04:40 -------- d-----w- C:\Users\EC\AppData\Local\Chromium

2011-11-05 15:53:16 -------- d-----w- C:\FMRTE

2011-11-05 14:52:34 -------- d-----w- C:\Users\EC\dwhelper

2011-11-05 14:05:39 -------- d-----w- C:\Users\EC\AppData\Local\{4CA50ED3-D1E2-4FF1-AB7D-83BBDA7D7DD6}

2011-11-05 14:04:26 -------- d-----w- C:\Users\EC\AppData\Local\{C1B8455A-B8D6-4B03-9C15-753FB0EDE5D3}

2011-11-05 04:38:17 -------- d-----w- C:\Users\EC\vpworkspace

2011-11-05 03:08:42 114704 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2011-11-05 02:02:03 -------- d-----w- C:\Users\EC\AppData\Local\{7809B6B2-89EB-40AD-ACD8-7F456F5728C2}

2011-11-05 02:01:54 -------- d-----w- C:\Users\EC\AppData\Local\{096B294A-DBA0-4471-B713-1E96079A91D3}

2011-11-04 20:21:12 -------- d-----w- C:\Program Files (x86)\MSI Kombustor

2011-11-04 20:18:17 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll

2011-11-04 20:18:11 -------- d-----w- C:\Program Files (x86)\MSI Afterburner

2011-11-04 17:03:12 -------- d-----w- C:\Users\EC\AppData\Roaming\BatteryBar

2011-11-04 17:03:12 -------- d-----w- C:\Program Files\BatteryBar

2011-11-04 16:16:59 -------- d-----w- C:\ATI

2011-11-04 14:47:08 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-04 10:13:05 -------- d-----w- C:\Users\EC\AppData\Roaming\Wireshark

2011-11-04 09:55:24 -------- d-----w- C:\Program Files (x86)\WinPcap

2011-11-04 09:54:54 -------- d-----w- C:\Program Files\Wireshark

2011-11-04 07:36:59 -------- d-----w- C:\Users\EC\AppData\Local\{22E4A602-A575-43EF-A6A0-696AB20EE8BC}

2011-11-04 07:36:49 -------- d-----w- C:\Users\EC\AppData\Local\{EB7B50C5-09B3-4B69-9E3E-AC583021D390}

2011-11-04 04:09:01 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2011-11-04 04:03:42 -------- d-----w- C:\Windows\PCHEALTH

2011-11-04 04:01:01 557848 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2011-11-04 03:54:57 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys

2011-11-04 03:54:57 -------- d-----w- C:\Program Files\CPUID

2011-11-04 03:54:23 -------- d-----w- C:\Fraps

2011-11-04 03:09:28 -------- d-----w- C:\Program Files\CCleaner

2011-11-04 03:06:34 -------- d-----w- C:\Users\EC\visualparadigm

2011-11-04 03:05:50 -------- d-----w- C:\Program Files (x86)\VP Suite 5.3

2011-11-04 02:30:25 -------- d-----w- C:\Windows\ehome

2011-11-04 02:26:37 -------- d-----w- C:\ProgramData\Recovery

2011-11-04 01:56:38 -------- d-----w- C:\Users\EC\AppData\Local\{E39B8DA8-53E5-405C-8599-99DA17FC165D}

2011-11-04 01:56:28 -------- d-----w- C:\Users\EC\AppData\Local\{9E816279-360D-4FDD-95A5-ED6A1422932E}

2011-11-04 01:56:15 -------- d-----w- C:\Users\EC\Tracing

2011-11-04 01:51:34 -------- d-----w- C:\Users\EC\AppData\Local\Adobe

2011-11-04 01:50:30 -------- d-----w- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}

2011-11-04 01:49:49 -------- d-----w- C:\ProgramData\Uninstall

2011-11-04 01:49:41 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-11-04 01:48:20 -------- d-----w- C:\Windows\AutoKMS

2011-11-04 01:41:27 0 ----a-w- C:\Windows\ativpsrm.bin

2011-11-04 01:40:11 68608 ----a-w- C:\Windows\System32\AESTAR64.dll

2011-11-04 01:40:11 442368 ----a-w- C:\Windows\System32\AESTEC64.dll

2011-11-04 01:40:11 220672 ----a-w- C:\Windows\System32\HPToneCtrls64.dll

2011-11-04 01:40:11 162304 ----a-w- C:\Windows\System32\AESTAC64.dll

2011-11-04 01:40:10 90624 ----a-w- C:\Windows\System32\AESTCo64.dll

2011-11-04 01:40:10 487424 ----a-w- C:\Windows\sttray64.exe

2011-11-04 01:40:10 3309568 ----a-w- C:\Windows\System32\stlang64.dll

2011-11-04 01:40:10 12547584 ----a-w- C:\Windows\System32\idtcpl64.cpl

2011-11-04 01:40:09 -------- d-----w- C:\Windows\System32\SRSLabs

2011-11-04 01:39:44 209920 ----a-w- C:\Windows\System32\staco64.dll

2011-11-04 01:39:41 -------- d-----w- C:\Program Files\IDT

2011-11-04 01:39:27 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-11-04 01:39:15 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2011-11-04 01:39:09 -------- d-----w- C:\ProgramData\AmUStor

2011-11-04 01:39:09 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun

2011-11-04 01:38:51 -------- d-----w- C:\Intel

2011-11-04 01:38:24 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-11-04 01:38:24 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-11-04 01:38:24 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-11-04 01:38:20 -------- d-----w- C:\Program Files (x86)\Realtek

2011-11-04 01:38:13 -------- d-----w- C:\Program Files\Synaptics

2011-11-04 01:37:30 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-11-04 01:36:51 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys

2011-11-04 01:36:51 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys

2011-11-04 01:36:51 21160 ----a-w- C:\Windows\System32\drivers\btwrchid.sys

2011-11-04 01:36:51 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys

2011-11-04 01:36:45 -------- d-----w- C:\Program Files\WIDCOMM

2011-11-04 01:36:37 -------- d-----w- C:\Windows\Hewlett-Packard

2011-11-04 01:35:29 787456 ----a-w- C:\Windows\System32\NETw5c64.dll

2011-11-04 01:35:29 7675392 ----a-w- C:\Windows\System32\drivers\NETw5s64.sys

2011-11-04 01:35:29 2747904 ----a-w- C:\Windows\System32\NETw5r64.dll

2011-11-04 01:35:25 -------- d-sh--w- C:\Windows\Installer

2011-11-03 18:46:03 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-11-03 18:23:57 -------- d-----w- C:\Windows\System32\SPReview

2011-11-03 18:23:43 -------- d-----w- C:\Windows\System32\EventProviders

2011-11-03 18:15:59 751104 ----a-w- C:\Windows\System32\win32spl.dll

2011-11-03 18:14:55 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-11-03 18:14:55 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2011-11-03 18:14:54 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-11-03 18:14:21 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-11-03 18:14:21 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2011-11-03 18:14:17 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2011-11-03 17:42:59 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2011-11-03 17:42:40 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-11-03 17:42:04 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2011-11-03 17:31:08 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-11-03 17:31:07 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-11-03 17:31:07 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-11-03 17:31:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-11-03 17:31:07 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-11-03 17:09:44 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-11-03 16:09:47 -------- d-----w- C:\Windows\SysWow64\Wat

2011-11-03 16:09:47 -------- d-----w- C:\Windows\System32\Wat

2011-11-03 15:29:43 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2011-11-03 15:29:41 -------- d-----w- C:\Windows\SHELLNEW

2011-11-03 14:56:30 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-11-03 14:18:07 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-11-03 14:18:07 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-11-03 14:18:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-03 14:18:05 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-03 14:16:59 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-11-03 13:56:50 -------- d-----w- C:\Users\EC\.netbeans-derby

2011-11-03 13:53:48 -------- d-----w- C:\Users\EC\.m2

2011-11-03 13:53:18 -------- d-----w- C:\Users\EC\.netbeans

2011-11-03 13:50:55 -------- d-----w- C:\Program Files\NetBeans 7.0.1

2011-11-03 13:49:50 -------- d-----w- C:\Program Files (x86)\Softnyx

2011-11-03 13:48:14 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-03 13:42:59 -------- d-----w- C:\Users\EC\.nbi

2011-11-03 13:42:37 -------- d-----w- C:\Program Files (x86)\Sun

2011-11-03 13:40:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-03 13:37:13 -------- d-----w- C:\Users\EC\AppData\Local\SKIDROW

2011-11-03 13:37:12 -------- d-----w- C:\Users\EC\AppData\Roaming\Sports Interactive

2011-11-03 13:37:12 -------- d-----w- C:\Users\EC\AppData\Local\Sports Interactive

2011-11-03 13:32:38 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-11-03 13:32:24 -------- d-----w- C:\Windows\SysWow64\directx

2011-11-03 13:06:52 388096 ----a-r- C:\Users\EC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-03 13:06:51 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-03 12:19:58 -------- d-----w- C:\Program Files (x86)\SEGA

2011-11-03 12:17:49 -------- d-----w- C:\Program Files (x86)\VideoLAN

2011-11-03 12:17:00 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2011-11-03 12:16:57 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2011-11-03 12:12:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-03 12:09:51 -------- d-----w- C:\Program Files (x86)\FIFA 12

2011-11-03 11:52:07 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-11-03 11:52:00 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-11-03 11:51:25 -------- d-----w- C:\Users\EC\AppData\Roaming\DAEMON Tools Lite

2011-11-03 11:51:22 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2011-11-03 11:48:48 -------- d-----w- C:\Users\EC\AppData\Local\Google

2011-11-03 11:46:23 -------- d-----w- C:\Users\EC\AppData\Local\Windows Live

2011-11-03 11:46:23 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-11-03 11:45:31 -------- d-----w- C:\Program Files (x86)\uTorrent

2011-11-03 11:45:05 -------- d-----w- C:\Users\EC\AppData\Roaming\uTorrent

2011-11-03 11:45:05 -------- d-----w- C:\Users\EC\AppData\Local\uTorrent

2011-11-03 11:35:48 -------- d-----w- C:\Users\EC\AppData\Roaming\Malwarebytes

2011-11-03 11:33:27 -------- d-----w- C:\Users\EC\AppData\Roaming\GlarySoft

2011-11-03 11:30:36 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-03 11:30:33 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-03 11:30:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-03 11:30:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-11-03 11:29:58 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-11-03 11:29:20 -------- d-----w- C:\Program Files (x86)\Glary Utilities

2011-11-03 11:25:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-03 11:25:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-03 11:20:20 -------- d-----w- C:\Users\EC\AppData\Local\Microsoft Help

2011-11-03 11:07:52 -------- d-----w- C:\Users\EC\AppData\Roaming\Roxio Log Files

2011-11-03 11:07:01 -------- d-----w- C:\Users\EC\AppData\Roaming\hpqLog

2011-11-03 11:06:52 -------- d-----w- C:\Users\EC\AppData\Local\ATI

2011-10-22 11:21:42 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2011-10-22 11:21:38 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

.

==================== Find3M ====================

.

2011-11-03 18:35:39 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-11-03 18:35:39 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-10-12 20:56:18 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-10-12 20:20:20 24629760 ----a-w- C:\Windows\System32\atio6axx.dll

2011-10-12 20:14:36 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-10-12 20:14:26 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-10-12 20:13:00 867328 ----a-w- C:\Windows\System32\aticfx64.dll

2011-10-12 20:10:28 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-10-12 20:10:18 487936 ----a-w- C:\Windows\System32\atieclxx.exe

2011-10-12 20:09:44 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-10-12 20:08:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-10-12 20:08:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-10-12 20:08:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-10-12 20:07:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-10-12 20:07:54 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-12 20:07:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-10-12 20:07:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-10-12 20:04:42 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-10-12 20:04:14 18630656 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-10-12 19:54:44 4960768 ----a-w- C:\Windows\System32\atidxx64.dll

2011-10-12 19:46:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-10-12 19:46:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-10-12 19:46:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-10-12 19:46:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-10-12 19:45:58 9877504 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-10-12 19:44:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-10-12 19:44:28 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-10-12 19:44:20 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-10-12 19:44:10 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-10-12 19:42:56 8391680 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-10-12 19:39:38 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-10-12 19:38:20 5431808 ----a-w- C:\Windows\System32\atiumd64.dll

2011-10-12 19:33:10 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-10-12 19:31:34 479744 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-10-12 19:31:22 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-10-12 19:31:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-10-12 19:31:02 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-10-12 19:31:02 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-10-12 19:30:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-10-12 19:30:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-10-12 19:30:42 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-10-12 19:29:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-10-12 19:29:42 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-10-12 19:29:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-10-12 19:29:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-10-12 19:28:30 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-10-12 08:16:36 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-10-12 08:16:30 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-10-12 08:16:22 16787456 ----a-w- C:\Windows\System32\amdocl64.dll

2011-10-12 08:15:40 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-10-12 08:14:54 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-10-12 08:14:50 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-08-30 15:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-08-30 15:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-08-30 15:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-08-30 15:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-08-30 15:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-08-30 15:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-08-30 15:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-08-30 15:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

.

============= FINISH: 18:04:09.19 ===============

Attach.txt


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Hi,

I'm unsure of its relevance, but Eset scan removed

"C:\Windows\AutoKMS\AutoKMS.exe probably a variant of Win32/HackKMS.B application cleaned by deleting - quarantined".

As requested, this is the Eset log file. :)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Security Check Log

Results of screen317's Security Check version 0.99.28

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java DB 10.5.3.0

Java 6 Update 29

Adobe Reader X (10.1.1)

Mozilla Firefox (8.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

I would like to emphasize that there are no noticeable issues in my system. Initially my system was infected with "PING.EXE" but I managed to remove it (I hope lol)

I am hoping your proficiency in this can confirm if there are any remnants/other issues I should take care of!

Thx! :D


  • Staff

Please see:

HijackThis Forum Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place. It's really not safe.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
