Inactive google redirect and PING.exe malware

[Inactive] google redirect and PING.exe malware

Hi,

I had the google redirect virus since couple of months ago. My anti-virus protection is Sophos, when I run full scan, nothing was found. Tried Malwarebytes, HouseCall and HitmanPro. Nothing was found and the problem persisted. These couple of days I got a process "PING.exe" running and taking a lot of CPU and memory. It re-appears every time after I manually terminate it. I thought these two issues are both caused by malware in some form.

My system is Window 7 64-bit. I use Firefox.

The logs files posted in following replies.


Any help will be highly appreciated!

-ming

 

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7813

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/28/2011 11:27:57 AM
mbam-log-2011-09-28 (11-27-57).txt

Scan type: Quick scan
Objects scanned: 191511
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-28 11:55:03
Windows 6.1.7600
Running: p707jpzf.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbcf0430
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbcf0430 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

 

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-28 12:01:56
-----------------------------
12:01:56.820 OS Version: Windows x64 6.1.7600
12:01:56.820 Number of processors: 4 586 0x2502
12:01:56.820 ComputerName: MING-PC UserName: Ming
12:01:57.694 Initialize success
12:03:56.348 AVAST engine defs: 11092800
12:04:02.744 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:04:02.744 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
12:04:02.791 Disk 0 MBR read successfully
12:04:02.806 Disk 0 MBR scan
12:04:02.822 Disk 0 Windows 7 default MBR code
12:04:02.822 Service scanning
12:04:05.053 Modules scanning
12:04:05.053 Disk 0 trace - called modules:
12:04:05.068 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:04:05.068 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004979060]
12:04:05.068 3 CLASSPNP.SYS[fffff8800186943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004902050]
12:04:07.408 AVAST engine scan C:\windows
12:04:09.405 AVAST engine scan C:\windows\system32
12:05:20.791 AVAST engine scan C:\windows\system32\drivers
12:05:29.355 AVAST engine scan C:\Users\Ming
12:07:12.112 File: C:\Users\Ming\AppData\Roaming\AnQWfgqYeVOt0c2\opGaHWfLgZYVPHd.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:07:30.451 File: C:\Users\Ming\AppData\Roaming\EeIrrzONNxSiD4H\S779TwIrOuSb3n4.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:07:31.026 File: C:\Users\Ming\AppData\Roaming\FmWLZXVtyiom\TZXVByuoQRjBx2G.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:07:31.289 File: C:\Users\Ming\AppData\Roaming\gBNuindfgCV\gSD4sfTYVNu.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:07:31.563 File: C:\Users\Ming\AppData\Roaming\GGJqV0ndqe\ddZVvshPFdfTBx2.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:07:31.750 File: C:\Users\Ming\AppData\Roaming\GhXUeIzyAuSbpGQ\pKfLgqjYCeIr.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:07:33.564 File: C:\Users\Ming\AppData\Roaming\mc1v2n4JdKgZhXj\czyAuoFp5.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:08:04.377 File: C:\Users\Ming\AppData\Roaming\Q03JOHRVc59UIE\uXUlrPx1SFaW.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:08:34.424 File: C:\Users\Ming\AppData\Roaming\VuQCSsVmhc5h0Ke\iQyLOQx49l16qxn.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:08:34.673 File: C:\Users\Ming\AppData\Roaming\X1DoF5JE8Z\bwClrNAv2bp.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:08:34.801 File: C:\Users\Ming\AppData\Roaming\XdRjNinKYrGEjNn\N78hr0oJwPHEhl1.exe **INFECTED** Win32:Cycbot-LT [Trj]
12:09:12.520 AVAST engine scan C:\ProgramData
12:11:04.037 Scan finished successfully
12:11:17.948 Disk 0 MBR has been saved successfully to "C:\Users\Ming\Desktop\MBR.dat "
12:11:17.954 The log file has been saved successfully to "C:\Users\Ming\Desktop\aswMBR.txt "

 

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7813

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/28/2011 11:27:57 AM
mbam-log-2011-09-28 (11-27-57).txt

Scan type: Quick scan
Objects scanned: 191511
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Ming at 12:11:59 on 2011-09-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.3006 [GMT -7:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.Google.com/
mURLSearchHooks: FroggyBoss Class: {539f76fd-084e-4858-86d5-62f02f54ae86} - C:\Program Files (x86)\Minibar\Froggy.dll
mWinlogon: Userinit=userinit.exe,
BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - C:\Program Files (x86)\Thunder Network\WebThunder\WebThunderBHO_Now.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: MrFroggy Class: {856e12b5-22d7-4e22-9aca-ea9a008dd65b} - C:\Program Files (x86)\Minibar\Froggy.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [{9341A77E-11D6-5E96-8B15-086E6D3D32B4}] C:\Users\Ming\AppData\Roaming\Ichou\eluryfi.exe
dRun: [Smad] "C:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe "
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Free YouTube Download - C:\Users\Ming\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll
LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{55473D66-93A0-4E85-9E54-2E75FDC2F2D0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{55473D66-93A0-4E85-9E54-2E75FDC2F2D0}\0516472796369616 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{55473D66-93A0-4E85-9E54-2E75FDC2F2D0}\9716E676D223 : DhcpNameServer = 68.87.69.150 68.87.85.102
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL, C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: WebThunder Browser Helper: {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files (x86)\Thunder Network\WebThunder\WebThunderBHO_Now.dll
BHO-X64: WebThunderBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: MrFroggy Class: {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll
BHO-X64: MrFroggy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO-X64: Minibar BHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL, C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\qqmail_plugin_for_firefox@tencent.com\plugins\npQQMail.dll
FF - plugin: C:\Users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\txftn@tencent.com\plugins\nptxftn.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: QQ Mail plugin for firefox: qqmail_plugin_for_firefox@tencent.com - %profile%\extensions\qqmail_plugin_for_firefox@tencent.com
FF - Ext: Tencent Storage plugin for firefox: txftn@tencent.com - %profile%\extensions\txftn@tencent.com
FF - Ext: XUL Cache: {f318257f-1339-4def-960b-bb88ce562ef1} - %profile%\extensions\{f318257f-1339-4def-960b-bb88ce562ef1}
FF - Ext: XUL Cache: {65a753aa-5f7f-4e6e-bb3d-a128e43a40ba} - %profile%\extensions\{65a753aa-5f7f-4e6e-bb3d-a128e43a40ba}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
S1 SAVOnAccess;SAVOnAccess;C:\windows\system32\DRIVERS\savonaccess.sys --> C:\windows\system32\DRIVERS\savonaccess.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 gpsvc32;Group Policy Client ;C:\windows\system32\NlsLexicons001832.exe --> C:\windows\system32\NlsLexicons001832.exe [?]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-26 13336]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-8 163056]
S2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-6-4 97520]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S2 sina_live_deamon;LiveDeamon;C:\windows\System32\svchost.exe -k sina_live_deamon [2009-7-13 20992]
S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2010-9-21 230640]
S2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-8 1541360]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-5-26 2320920]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S3 usbsmi;Lenovo EasyCamera;C:\windows\system32\DRIVERS\SMIksdrv.sys --> C:\windows\system32\DRIVERS\SMIksdrv.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-5-26 509192]
S4 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-5-26 579400]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" --> C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [?]
S4 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S4 SophosBootDriver;SophosBootDriver;C:\windows\system32\DRIVERS\SophosBootDriver.sys --> C:\windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== File Associations ===============
.
txtfile=C:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2011-09-28 19:01:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1B0ADB68-D64B-45CD-A1CF-AF38B5CAF231}\offreg.dll
2011-09-28 18:30:05 -------- d-----w- C:\Users\Ming\AppData\Roaming\Ykm
2011-09-28 18:30:05 -------- d-----w- C:\Users\Ming\AppData\Roaming\Ichou
2011-09-28 09:59:53 -------- d-----w- C:\Users\Ming\AppData\Roaming\Ylisj
2011-09-28 09:59:53 -------- d-----w- C:\Users\Ming\AppData\Roaming\Noewu
2011-09-28 09:09:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-28 07:42:01 200976 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys
2011-09-28 07:30:59 -------- d-----w- C:\Users\Ming\AppData\Roaming\CFWkiQfqIx2
2011-09-28 07:29:56 -------- d-----w- C:\Users\Ming\AppData\Roaming\JkcJwym9NmLrifz
2011-09-28 07:28:59 -------- d-----w- C:\Users\Ming\AppData\Roaming\on4m6W7E8hklxcv
2011-09-28 07:27:56 -------- d-----w- C:\Users\Ming\AppData\Roaming\PgIcQLwN14W8Cly
2011-09-28 06:53:07 2456064 ----a-w- C:\windows\SysWow64\dLLL9ggTZ.exe
2011-09-28 06:17:39 2456064 ----a-w- C:\windows\SysWow64\ippmmHH5sQJdE.exe
2011-09-28 06:07:23 2456064 ----a-w- C:\windows\SysWow64\dLL99hTXXqUC.exe
2011-09-28 05:57:57 2456064 ----a-w- C:\windows\SysWow64\DllOOBtxxPycSi.exe
2011-09-28 05:27:05 2456064 ----a-w- C:\windows\SysWow64\DllIIBttzPycAu.exe
2011-09-28 04:23:47 2456064 ----a-w- C:\windows\SysWow64\DllOOBtzzPycAiD.exe
2011-09-28 03:36:03 2456064 ----a-w- C:\windows\SysWow64\dlllIBBtzPNyA1v.exe
2011-09-28 00:53:18 2456064 ----a-w- C:\windows\SysWow64\dllOOBttxP0cSiv.exe
2011-09-27 15:03:07 -------- d-----w- C:\Users\Ming\AppData\Local\Sophos
2011-09-27 14:46:06 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-09-27 14:45:39 -------- d-----w- C:\Users\Ming\AppData\Roaming\IObit
2011-09-27 14:45:39 -------- d-----w- C:\ProgramData\IObit
2011-09-27 14:32:49 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1B0ADB68-D64B-45CD-A1CF-AF38B5CAF231}\mpengine.dll
2011-09-26 21:49:24 -------- d-----w- C:\Program Files (x86)\Minibar
2011-09-26 21:49:13 -------- d-----w- C:\ProgramData\Babylon
2011-09-26 21:32:16 -------- d-----we C:\windows\system64
2011-09-19 21:55:45 -------- d-----r- C:\Users\Ming\AppData\Roaming\Brother
2011-09-17 15:03:03 -------- d-----w- C:\Users\Ming\AppData\Roaming\NCH Software
2011-09-17 12:13:44 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-09-17 12:13:44 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-09-17 12:13:44 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-09-17 12:13:44 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-09-17 12:13:44 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-09-17 12:13:44 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-09-17 12:13:43 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-09-17 12:13:43 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
.
==================== Find3M ====================
.
2011-09-28 07:31:45 2456064 ----a-w- C:\windows\SysWow64\BSn6Vx2GEjl0D.exe
2011-09-27 14:42:40 25160 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2011-09-01 00:00:50 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 12:14:16.14 ===============

 

Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2010 10:11:43 AM
System Uptime: 9/28/2011 12:01:03 PM (0 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 187.374 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 28.041 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP252: 9/21/2011 3:00:11 AM - Windows Update
RP253: 9/22/2011 3:00:10 AM - Windows Update
RP254: 9/23/2011 3:00:14 AM - Windows Update
RP255: 9/23/2011 1:32:59 PM - Windows Update
RP256: 9/24/2011 3:00:10 AM - Windows Update
RP257: 9/24/2011 5:21:10 AM - Windows Update
RP258: 9/25/2011 3:00:10 AM - Windows Update
RP259: 9/26/2011 3:00:10 AM - Windows Update
RP260: 9/26/2011 4:27:34 PM - Removed Acrobat.com
RP261: 9/26/2011 4:32:13 PM - Removed Apple Application Support
RP262: 9/27/2011 3:00:15 AM - Windows Update
RP263: 9/27/2011 7:31:30 AM - Windows Update
RP264: 9/28/2011 3:57:24 AM - Windows Update
RP265: 9/28/2011 6:06:50 AM - Windows Update
.
==== Installed Programs ======================
.
?????????V6.7.1
??2011Beta?
??Live
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.0.1
Apple Software Update
Broadcom 802.11 Wireless Driver
Brother HL-2140
CCTV Player Uninstall
Chinese Simplified Fonts Support For Adobe Reader 9
Cisco WebEx Meeting Center for Firefox or Chrome
CyberLink YouCam
Energy Management
Free YouTube Download version 3.0.13.815
Functional Ear Trainer
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 22
Junk Mail filter update
Lenovo DirectShare
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Lenovo Smile Dock
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office Visio Professional 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
MiKTeX 2.9
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (6.0.2)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Onekey Theater
OpenOffice.org 3.2
Power2Go
PPLite 1.0.0.5
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Sophos Anti-Virus
Sophos AutoUpdate
SSH Tectia Client
Tencent QQ
TeraTerm Pro
TeXnicCenter Version 1.0 Stable RC1
Tinn-R 2.3.7.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.4
WavePad Sound Editor
WinDjView 1.0.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/28/2011 6:03:03 AM, Error: Service Control Manager [7034] - The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
9/28/2011 4:13:51 AM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
9/28/2011 4:13:51 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/28/2011 3:54:00 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
9/28/2011 12:01:48 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
9/28/2011 12:01:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/28/2011 12:01:42 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 21
9/28/2011 12:01:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/28/2011 12:01:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/28/2011 12:01:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/28/2011 12:01:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/28/2011 12:01:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SAVOnAccess spldr TfFsMon TfSysMon Wanarpv6
9/28/2011 12:01:22 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
9/28/2011 12:01:22 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
9/28/2011 12:01:22 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
9/28/2011 11:36:24 AM, Error: Service Control Manager [7034] - The Sophos Anti-Virus status reporter service terminated unexpectedly. It has done this 1 time(s).
9/28/2011 11:36:08 AM, Error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 2 time(s).
9/28/2011 11:36:03 AM, Error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
9/28/2011 11:36:03 AM, Error: SAVOnAccess [37] - Driver threads still active when driver is being shutdown.
9/28/2011 11:18:47 AM, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 11:16:42 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
9/28/2011 11:16:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
9/28/2011 11:16:27 AM, Error: Service Control Manager [7023] - The LiveDeamon service terminated with the following error: The specified module could not be found.
9/27/2011 8:04:08 AM, Error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
9/27/2011 11:41:00 PM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
9/21/2011 11:05:01 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BRENDAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{55473D66-93A0-4E85-9E54-2E75FDC2F2D0}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

 

ComboFix 11-09-28.06 - Ming 09/28/2011 17:57:41.1.4 - x64
Running from: c:\users\Ming\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Minibar\FrOGgy.dll
c:\users\Ming\AppData\Roaming\Ichou\eluryfi.exe
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{65a753aa-5f7f-4e6e-bb3d-a128e43a40ba}
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{65a753aa-5f7f-4e6e-bb3d-a128e43a40ba}\chrome.manifest
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{65a753aa-5f7f-4e6e-bb3d-a128e43a40ba}\chrome\xulcache.jar
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{65a753aa-5f7f-4e6e-bb3d-a128e43a40ba}\defaults\preferences\xulcache.js
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{65a753aa-5f7f-4e6e-bb3d-a128e43a40ba}\install.rdf
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{f318257f-1339-4def-960b-bb88ce562ef1}
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{f318257f-1339-4def-960b-bb88ce562ef1}\chrome.manifest
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{f318257f-1339-4def-960b-bb88ce562ef1}\chrome\xulcache.jar
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{f318257f-1339-4def-960b-bb88ce562ef1}\defaults\preferences\xulcache.js
c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\extensions\{f318257f-1339-4def-960b-bb88ce562ef1}\install.rdf
c:\windows\s.bat
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 01:10 . 2011-09-29 01:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-29 01:10 . 2011-09-29 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-28 23:20 . 2011-09-28 23:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B0ADB68-D64B-45CD-A1CF-AF38B5CAF231}\offreg.dll
2011-09-28 18:30 . 2011-09-29 01:09 -------- d-----w- c:\users\Ming\AppData\Roaming\Ichou
2011-09-28 18:30 . 2011-09-28 18:33 -------- d-----w- c:\users\Ming\AppData\Roaming\Ykm
2011-09-28 18:30 . 2011-09-28 18:30 209408 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ozers.exe
2011-09-28 09:59 . 2011-09-28 18:15 -------- d-----w- c:\users\Ming\AppData\Roaming\Ylisj
2011-09-28 09:59 . 2011-09-28 10:20 -------- d-----w- c:\users\Ming\AppData\Roaming\Noewu
2011-09-28 09:09 . 2011-09-28 09:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 07:42 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-09-28 07:30 . 2011-09-28 07:30 -------- d-----w- c:\users\Ming\AppData\Roaming\CFWkiQfqIx2
2011-09-28 07:29 . 2011-09-28 07:29 -------- d-----w- c:\users\Ming\AppData\Roaming\JkcJwym9NmLrifz
2011-09-28 07:28 . 2011-09-28 07:28 -------- d-----w- c:\users\Ming\AppData\Roaming\on4m6W7E8hklxcv
2011-09-28 07:27 . 2011-09-28 07:27 -------- d-----w- c:\users\Ming\AppData\Roaming\PgIcQLwN14W8Cly
2011-09-28 06:53 . 2011-09-28 06:53 2456064 ----a-w- c:\windows\SysWow64\dLLL9ggTZ.exe
2011-09-28 06:17 . 2011-09-28 06:17 2456064 ----a-w- c:\windows\SysWow64\ippmmHH5sQJdE.exe
2011-09-28 06:07 . 2011-09-28 06:07 2456064 ----a-w- c:\windows\SysWow64\dLL99hTXXqUC.exe
2011-09-28 05:57 . 2011-09-28 05:57 2456064 ----a-w- c:\windows\SysWow64\DllOOBtxxPycSi.exe
2011-09-28 05:27 . 2011-09-28 05:27 2456064 ----a-w- c:\windows\SysWow64\DllIIBttzPycAu.exe
2011-09-28 04:23 . 2011-09-28 04:23 2456064 ----a-w- c:\windows\SysWow64\DllOOBtzzPycAiD.exe
2011-09-28 03:36 . 2011-09-28 03:36 2456064 ----a-w- c:\windows\SysWow64\dlllIBBtzPNyA1v.exe
2011-09-28 00:53 . 2011-09-28 00:53 2456064 ----a-w- c:\windows\SysWow64\dllOOBttxP0cSiv.exe
2011-09-27 15:03 . 2011-09-27 15:03 -------- d-----w- c:\users\Ming\AppData\Local\Sophos
2011-09-27 14:46 . 2011-09-27 14:46 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-09-27 14:45 . 2011-09-27 15:04 -------- d-----w- c:\users\Ming\AppData\Roaming\IObit
2011-09-27 14:45 . 2011-09-27 14:45 -------- d-----w- c:\programdata\IObit
2011-09-27 14:32 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B0ADB68-D64B-45CD-A1CF-AF38B5CAF231}\mpengine.dll
2011-09-27 02:05 . 2011-09-27 02:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia
2011-09-19 21:55 . 2011-09-19 21:55 -------- d-----r- c:\users\Ming\AppData\Roaming\Brother
2011-09-17 15:03 . 2011-09-17 15:03 -------- d-----w- c:\users\Ming\AppData\Roaming\NCH Software
2011-09-17 15:03 . 2011-09-17 15:03 -------- d-----w- c:\programdata\NCH Software
2011-09-17 12:13 . 2004-04-19 06:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-09-17 12:13 . 2004-04-19 06:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-09-17 12:13 . 2004-04-19 06:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-09-17 12:13 . 2004-04-19 06:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-09-17 12:13 . 2004-04-19 06:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-09-17 12:13 . 2004-04-19 06:36 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-09-17 12:13 . 2011-09-17 12:13 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-09-17 12:13 . 2011-09-17 12:13 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-09-05 09:31 . 2011-09-05 09:31 -------- d-----w- c:\users\Ming\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 14:42 . 2011-08-24 12:31 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-01 00:00 . 2011-08-24 11:26 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 05:26 . 2011-01-06 02:18 106496 ----a-r- c:\users\Ming\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2011-07-07 05:26 . 2011-01-06 02:18 106496 ----a-r- c:\users\Ming\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-07-07 05:26 . 2011-01-06 02:18 106496 ----a-r- c:\users\Ming\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr "= "c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)
"PromptOnSecureDesktop "= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2 "=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ UNISPIM6.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring "=dword:00000001
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gpsvc32;Group Policy Client ;c:\windows\system32\NlsLexicons001832.exe [x]
R2 sina_live_deamon;LiveDeamon;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R4 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
sina_live_deamon REG_MULTI_SZ sina_live_deamon
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-12-18 166424]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2009-12-18 390680]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2009-12-18 410136]
"cAudioFilterAgent "= "c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-11-28 508472]
"EnergyUtility "= "c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management "= "c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"combofix "= "c:\combofix\CF22787.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs "=0x1
"AppInit_DLLs "=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Ming\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files (x86)\Minibar\MinibarButton.dll
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\
FF - Ext: QQ Mail plugin for firefox: qqmail_plugin_for_firefox@tencent.com - %profile%\extensions\qqmail_plugin_for_firefox@tencent.com
FF - Ext: Tencent Storage plugin for firefox: txftn@tencent.com - %profile%\extensions\txftn@tencent.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-{9341A77E-11D6-5E96-8B15-086E6D3D32B4} - c:\users\Ming\AppData\Roaming\Ichou\eluryfi.exe
Wow6432Node-HKU-Default-Run-Smad - c:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
AddRemove-??Live - c:\program files (x86)\sina\Sina_live\2010\uninst.exe
AddRemove-CCTVPlayer - c:\users\Ming\Desktop\cctv.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Shockwave Flash Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@= "0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@= "ShockwaveFlash.ShockwaveFlash.10 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "ShockwaveFlash.ShockwaveFlash "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Macromedia Flash Factory Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@= "FlashFactory.FlashFactory.1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "FlashFactory.FlashFactory "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
.
**************************************************************************
.
Completion time: 2011-09-28 18:21:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-29 01:21
.
Pre-Run: 201,534,369,792 bytes free
Post-Run: 201,121,398,784 bytes free
.
- - End Of File - - A42FB1BC3D967D5075BEDB3D3D2C6C5D

 

This is how I got ComboFix report. I started it as instructed. I was not monitoring it. When
I came back, the screen went black and I have to power-off the computer. After rebooting, it took quite a while for it to generate the report. Maybe these are all OK. It's just a little bit weird.

 

ComboFix 11-09-28.06 - Ming 09/28/2011 19:35:19.2.4 - x64
Running from: c:\users\Ming\Desktop\ComboFix.exe
Command switches used :: c:\users\Ming\Desktop\CFScript.txt
.
FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ozers.exe "
"c:\windows\SysWow64\dLL99hTXXqUC.exe "
"c:\windows\SysWow64\DllIIBttzPycAu.exe "
"c:\windows\SysWow64\dLLL9ggTZ.exe "
"c:\windows\SysWow64\dlllIBBtzPNyA1v.exe "
"c:\windows\SysWow64\dllOOBttxP0cSiv.exe "
"c:\windows\SysWow64\DllOOBtxxPycSi.exe "
"c:\windows\SysWow64\DllOOBtzzPycAiD.exe "
"c:\windows\SysWow64\ippmmHH5sQJdE.exe "
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ming\AppData\Roaming\CFWkiQfqIx2
c:\users\Ming\AppData\Roaming\Ichou
c:\users\Ming\AppData\Roaming\JkcJwym9NmLrifz
c:\users\Ming\AppData\Roaming\Noewu
c:\users\Ming\AppData\Roaming\Noewu\ulsi.oki
c:\users\Ming\AppData\Roaming\on4m6W7E8hklxcv
c:\users\Ming\AppData\Roaming\PgIcQLwN14W8Cly
c:\users\Ming\AppData\Roaming\Ykm
c:\users\Ming\AppData\Roaming\Ylisj
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 02:47 . 2011-09-29 02:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-29 02:47 . 2011-09-29 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-28 23:20 . 2011-09-29 01:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B0ADB68-D64B-45CD-A1CF-AF38B5CAF231}\offreg.dll
2011-09-28 18:30 . 2011-09-28 18:30 209408 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ozers.exe
2011-09-28 09:09 . 2011-09-28 09:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 07:42 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-09-28 07:30 . 2011-09-28 07:30 -------- d-----w- c:\users\Ming\AppData\Roaming\z39AKCNnwlu3mJL
2011-09-28 07:29 . 2011-09-28 07:29 -------- d-----w- c:\users\Ming\AppData\Roaming\FmWLZXVtyiom
2011-09-28 07:28 . 2011-09-28 07:28 -------- d-----w- c:\users\Ming\AppData\Roaming\mbJZjPu3QfXkyvp
2011-09-28 07:27 . 2011-09-28 07:27 -------- d-----w- c:\users\Ming\AppData\Roaming\qhX1v2bpGaJdKR9
2011-09-28 06:53 . 2011-09-28 06:53 2456064 ----a-w- c:\windows\SysWow64\dLLL9ggTZ.exe
2011-09-28 06:17 . 2011-09-28 06:17 2456064 ----a-w- c:\windows\SysWow64\ippmmHH5sQJdE.exe
2011-09-28 06:07 . 2011-09-28 06:07 2456064 ----a-w- c:\windows\SysWow64\dLL99hTXXqUC.exe
2011-09-28 05:57 . 2011-09-28 05:57 2456064 ----a-w- c:\windows\SysWow64\DllOOBtxxPycSi.exe
2011-09-28 05:27 . 2011-09-28 05:27 2456064 ----a-w- c:\windows\SysWow64\DllIIBttzPycAu.exe
2011-09-28 04:23 . 2011-09-28 04:23 2456064 ----a-w- c:\windows\SysWow64\DllOOBtzzPycAiD.exe
2011-09-28 03:36 . 2011-09-28 03:36 2456064 ----a-w- c:\windows\SysWow64\dlllIBBtzPNyA1v.exe
2011-09-28 00:53 . 2011-09-28 00:53 2456064 ----a-w- c:\windows\SysWow64\dllOOBttxP0cSiv.exe
2011-09-27 15:03 . 2011-09-27 15:03 -------- d-----w- c:\users\Ming\AppData\Local\Sophos
2011-09-27 14:46 . 2011-09-27 14:46 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-09-27 14:45 . 2011-09-27 15:04 -------- d-----w- c:\users\Ming\AppData\Roaming\IObit
2011-09-27 14:45 . 2011-09-27 14:45 -------- d-----w- c:\programdata\IObit
2011-09-27 14:32 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B0ADB68-D64B-45CD-A1CF-AF38B5CAF231}\mpengine.dll
2011-09-27 02:05 . 2011-09-27 02:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia
2011-09-19 21:55 . 2011-09-19 21:55 -------- d-----r- c:\users\Ming\AppData\Roaming\Brother
2011-09-17 15:03 . 2011-09-17 15:03 -------- d-----w- c:\users\Ming\AppData\Roaming\NCH Software
2011-09-17 15:03 . 2011-09-17 15:03 -------- d-----w- c:\programdata\NCH Software
2011-09-17 12:13 . 2004-04-19 06:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-09-17 12:13 . 2004-04-19 06:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-09-17 12:13 . 2004-04-19 06:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-09-17 12:13 . 2004-04-19 06:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-09-17 12:13 . 2004-04-19 06:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-09-17 12:13 . 2004-04-19 06:36 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-09-17 12:13 . 2011-09-17 12:13 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-09-17 12:13 . 2011-09-17 12:13 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-09-05 09:31 . 2011-09-05 09:31 -------- d-----w- c:\users\Ming\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 14:42 . 2011-08-24 12:31 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-01 00:00 . 2011-08-24 11:26 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 05:26 . 2011-01-06 02:18 106496 ----a-r- c:\users\Ming\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2011-07-07 05:26 . 2011-01-06 02:18 106496 ----a-r- c:\users\Ming\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-07-07 05:26 . 2011-01-06 02:18 106496 ----a-r- c:\users\Ming\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-29_01.13.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-09-29 01:16 35406 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-09-28 23:22 35406 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-15 19:27 . 2011-09-29 01:16 10374 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3819581400-467437791-1092175451-1000_UserData.bin
- 2010-09-15 19:32 . 2011-09-29 01:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 19:32 . 2011-09-29 02:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-15 19:32 . 2011-09-29 01:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 19:32 . 2011-09-29 02:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-29 01:13 475136 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-29 01:14 475136 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-29 01:13 5881856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-29 01:14 5881856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-29 01:14 2523136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-29 01:13 2523136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr "= "c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)
"PromptOnSecureDesktop "= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2 "=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ UNISPIM6.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gpsvc32;Group Policy Client ;c:\windows\system32\NlsLexicons001832.exe [x]
R2 sina_live_deamon;LiveDeamon;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R4 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
sina_live_deamon REG_MULTI_SZ sina_live_deamon
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-12-18 166424]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2009-12-18 390680]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2009-12-18 410136]
"cAudioFilterAgent "= "c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-11-28 508472]
"ETDWare "= "c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"EnergyUtility "= "c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management "= "c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs "=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Ming\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files (x86)\Minibar\MinibarButton.dll
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ming\AppData\Roaming\Mozilla\Firefox\Profiles\zf081pd8.default\
FF - Ext: QQ Mail plugin for firefox: qqmail_plugin_for_firefox@tencent.com - %profile%\extensions\qqmail_plugin_for_firefox@tencent.com
FF - Ext: Tencent Storage plugin for firefox: txftn@tencent.com - %profile%\extensions\txftn@tencent.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-??Live - c:\program files (x86)\sina\Sina_live\2010\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "FirefoxHTML "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Shockwave Flash Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@= "0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@= "ShockwaveFlash.ShockwaveFlash.10 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "ShockwaveFlash.ShockwaveFlash "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Macromedia Flash Factory Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@= "FlashFactory.FlashFactory.1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "FlashFactory.FlashFactory "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-28 19:52:43
ComboFix-quarantined-files.txt 2011-09-29 02:52
ComboFix2.txt 2011-09-29 01:21
.
Pre-Run: 200,982,036,480 bytes free
Post-Run: 200,930,881,536 bytes free
.
- - End Of File - - B416C6A19A880EB1C8E3CFB7CF87E8FE

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:18 on 28/09/2011 by Ming
Administrator - Elevation successful

No Context: #

No Context: Code:

========== filefind ==========

Searching for "consrv.dll "
No files found.

Searching for "winsrv.dll "
C:\Windows\System32\winsrv.dll --a---- 214016 bytes [23:38 13/07/2009] [01:41 14/07/2009] 457B44AB6D502E55F64A867D4F35C76C
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll --a---- 214016 bytes [23:38 13/07/2009] [01:41 14/07/2009] 457B44AB6D502E55F64A867D4F35C76C

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug "=" "
@= "mnmsrvc "
"Kmode "= "\SystemRoot\System32\win32k.sys "
"Optional "= "Posix "
"Posix "= "%SystemRoot%\system32\psxss.exe "
"Required "= "Debug Windows "
"Windows "= "%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 "


-= EOF =-

 

20:36:26.0169 0996 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
20:36:26.0591 0996 ============================================================
20:36:26.0591 0996 Current date / time: 2011/09/28 20:36:26.0591
20:36:26.0591 0996 SystemInfo:
20:36:26.0591 0996
20:36:26.0591 0996 OS Version: 6.1.7600 ServicePack: 0.0
20:36:26.0591 0996 Product type: Workstation
20:36:26.0591 0996 ComputerName: MING-PC
20:36:26.0591 0996 UserName: Ming
20:36:26.0591 0996 Windows directory: C:\windows
20:36:26.0591 0996 System windows directory: C:\windows
20:36:26.0591 0996 Running under WOW64
20:36:26.0591 0996 Processor architecture: Intel x64
20:36:26.0591 0996 Number of processors: 4
20:36:26.0591 0996 Page size: 0x1000
20:36:26.0591 0996 Boot type: Normal boot
20:36:26.0591 0996 ============================================================
20:36:27.0090 0996 Initialize success
20:36:30.0896 1212 ============================================================
20:36:30.0896 1212 Scan started
20:36:30.0896 1212 Mode: Manual;
20:36:30.0896 1212 ============================================================
20:36:31.0298 1212 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
20:36:31.0318 1212 1394ohci - ok
20:36:31.0481 1212 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
20:36:31.0498 1212 ACPI - ok
20:36:31.0649 1212 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
20:36:31.0679 1212 AcpiPmi - ok
20:36:31.0846 1212 ACPIVPC (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys
20:36:31.0864 1212 ACPIVPC - ok
20:36:32.0059 1212 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:36:32.0078 1212 adp94xx - ok
20:36:32.0245 1212 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:36:32.0266 1212 adpahci - ok
20:36:32.0431 1212 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:36:32.0445 1212 adpu320 - ok
20:36:32.0634 1212 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys
20:36:32.0660 1212 AFD - ok
20:36:32.0827 1212 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
20:36:32.0842 1212 agp440 - ok
20:36:33.0000 1212 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
20:36:33.0028 1212 aliide - ok
20:36:33.0185 1212 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
20:36:33.0208 1212 amdide - ok
20:36:33.0367 1212 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:36:33.0391 1212 AmdK8 - ok
20:36:33.0564 1212 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:36:33.0585 1212 AmdPPM - ok
20:36:33.0748 1212 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
20:36:33.0765 1212 amdsata - ok
20:36:33.0942 1212 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:36:33.0955 1212 amdsbs - ok
20:36:34.0099 1212 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
20:36:34.0118 1212 amdxata - ok
20:36:34.0233 1212 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
20:36:34.0251 1212 AppID - ok
20:36:34.0427 1212 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:36:34.0443 1212 arc - ok
20:36:34.0602 1212 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:36:34.0619 1212 arcsas - ok
20:36:34.0759 1212 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:36:34.0777 1212 AsyncMac - ok
20:36:34.0946 1212 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
20:36:34.0963 1212 atapi - ok
20:36:35.0171 1212 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:36:35.0187 1212 b06bdrv - ok
20:36:35.0340 1212 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:36:35.0359 1212 b57nd60a - ok
20:36:35.0600 1212 BCM43XX (14b3d44414a353e85664be7c4db9747d) C:\windows\system32\DRIVERS\bcmwl664.sys
20:36:35.0629 1212 BCM43XX - ok
20:36:35.0818 1212 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:36:35.0834 1212 Beep - ok
20:36:36.0018 1212 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:36:36.0033 1212 blbdrive - ok
20:36:36.0077 1212 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys
20:36:36.0088 1212 bowser - ok
20:36:36.0221 1212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:36:36.0234 1212 BrFiltLo - ok
20:36:36.0252 1212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:36:36.0266 1212 BrFiltUp - ok
20:36:36.0327 1212 Bridge0 (34f786535f9245e4028c57b28248c9d8) C:\windows\system32\drivers\WDBridge.sys
20:36:36.0347 1212 Bridge0 - ok
20:36:36.0485 1212 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:36:36.0506 1212 Brserid - ok
20:36:36.0552 1212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:36:36.0565 1212 BrSerWdm - ok
20:36:36.0710 1212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:36:36.0726 1212 BrUsbMdm - ok
20:36:36.0767 1212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:36:36.0778 1212 BrUsbSer - ok
20:36:36.0906 1212 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
20:36:36.0924 1212 BthEnum - ok
20:36:37.0073 1212 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:36:37.0092 1212 BTHMODEM - ok
20:36:37.0238 1212 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:36:37.0258 1212 BthPan - ok
20:36:37.0415 1212 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\windows\system32\Drivers\BTHport.sys
20:36:37.0436 1212 BTHPORT - ok
20:36:37.0596 1212 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\windows\system32\Drivers\BTHUSB.sys
20:36:37.0615 1212 BTHUSB - ok
20:36:37.0764 1212 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\windows\system32\drivers\btusbflt.sys
20:36:37.0782 1212 btusbflt - ok
20:36:37.0950 1212 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\windows\system32\drivers\btwaudio.sys
20:36:37.0968 1212 btwaudio - ok
20:36:38.0120 1212 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\windows\system32\DRIVERS\btwavdt.sys
20:36:38.0137 1212 btwavdt - ok
20:36:38.0297 1212 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
20:36:38.0315 1212 btwl2cap - ok
20:36:38.0483 1212 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\windows\system32\DRIVERS\btwrchid.sys
20:36:38.0500 1212 btwrchid - ok
20:36:38.0545 1212 catchme - ok
20:36:38.0679 1212 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:36:38.0693 1212 cdfs - ok
20:36:38.0853 1212 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
20:36:38.0879 1212 cdrom - ok
20:36:39.0025 1212 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:36:39.0046 1212 circlass - ok
20:36:39.0178 1212 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:36:39.0199 1212 CLFS - ok
20:36:39.0400 1212 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:36:39.0414 1212 CmBatt - ok
20:36:39.0531 1212 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
20:36:39.0559 1212 cmdide - ok
20:36:39.0623 1212 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
20:36:39.0638 1212 CNG - ok
20:36:39.0799 1212 CnxtHdAudService (f88489ea9f083c909c7085742af9ab1c) C:\windows\system32\drivers\CHDRT64.sys
20:36:39.0819 1212 CnxtHdAudService - ok
20:36:39.0976 1212 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:36:39.0989 1212 Compbatt - ok
20:36:40.0127 1212 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
20:36:40.0150 1212 CompositeBus - ok
20:36:40.0305 1212 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:36:40.0324 1212 crcdisk - ok
20:36:40.0511 1212 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
20:36:40.0528 1212 DfsC - ok
20:36:40.0676 1212 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:36:40.0691 1212 discache - ok
20:36:40.0853 1212 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:36:40.0873 1212 Disk - ok
20:36:41.0040 1212 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:36:41.0059 1212 drmkaud - ok
20:36:41.0128 1212 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys
20:36:41.0150 1212 DXGKrnl - ok
20:36:41.0265 1212 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:36:41.0292 1212 ebdrv - ok
20:36:41.0425 1212 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:36:41.0445 1212 elxstor - ok
20:36:41.0520 1212 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
20:36:41.0541 1212 ErrDev - ok
20:36:41.0651 1212 ETD (f2c88cd55cbb12df1e877e27bd5747f8) C:\windows\system32\DRIVERS\ETD.sys
20:36:41.0666 1212 ETD - ok
20:36:41.0731 1212 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:36:41.0752 1212 exfat - ok
20:36:41.0779 1212 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:36:41.0792 1212 fastfat - ok
20:36:41.0938 1212 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:36:41.0949 1212 fdc - ok
20:36:41.0977 1212 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:36:41.0991 1212 FileInfo - ok
20:36:42.0015 1212 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:36:42.0029 1212 Filetrace - ok
20:36:42.0129 1212 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:36:42.0144 1212 flpydisk - ok
20:36:42.0177 1212 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
20:36:42.0189 1212 FltMgr - ok
20:36:42.0328 1212 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:36:42.0347 1212 FsDepends - ok
20:36:42.0465 1212 fssfltr (2bf3b36b96d015af666b6aa63ae2e38f) C:\windows\system32\DRIVERS\fssfltr.sys
20:36:42.0484 1212 fssfltr - ok
20:36:42.0598 1212 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:36:42.0615 1212 Fs_Rec - ok
20:36:42.0696 1212 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
20:36:42.0710 1212 fvevol - ok
20:36:42.0837 1212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:36:42.0853 1212 gagp30kx - ok
20:36:43.0013 1212 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\windows\system32\drivers\grmnusb.sys
20:36:43.0033 1212 grmnusb - ok
20:36:43.0139 1212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:36:43.0155 1212 hcw85cir - ok
20:36:43.0285 1212 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
20:36:43.0304 1212 HdAudAddService - ok
20:36:43.0449 1212 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:36:43.0466 1212 HDAudBus - ok
20:36:43.0643 1212 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
20:36:43.0663 1212 HECIx64 - ok
20:36:43.0784 1212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:36:43.0802 1212 HidBatt - ok
20:36:43.0821 1212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:36:43.0833 1212 HidBth - ok
20:36:43.0843 1212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:36:43.0852 1212 HidIr - ok
20:36:44.0012 1212 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
20:36:44.0030 1212 HidUsb - ok
20:36:44.0203 1212 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
20:36:44.0216 1212 HpSAMD - ok
20:36:44.0267 1212 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
20:36:44.0288 1212 HTTP - ok
20:36:44.0311 1212 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
20:36:44.0325 1212 hwpolicy - ok
20:36:44.0399 1212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:36:44.0420 1212 i8042prt - ok
20:36:44.0540 1212 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\windows\system32\DRIVERS\iaStor.sys
20:36:44.0547 1212 iaStor - ok
20:36:44.0726 1212 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
20:36:44.0743 1212 iaStorV - ok
20:36:44.0918 1212 igfx (31d1aff484d8a0906cf8d44251ec390f) C:\windows\system32\DRIVERS\igdkmd64.sys
20:36:44.0968 1212 igfx - ok
20:36:45.0130 1212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:36:45.0144 1212 iirsp - ok
20:36:45.0293 1212 Impcd (36fdf367a1dabff903e2214023d71368) C:\windows\system32\DRIVERS\Impcd.sys
20:36:45.0311 1212 Impcd - ok
20:36:45.0487 1212 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\windows\system32\DRIVERS\IntcDAud.sys
20:36:45.0508 1212 IntcDAud - ok
20:36:45.0652 1212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
20:36:45.0678 1212 intelide - ok
20:36:45.0820 1212 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:36:45.0838 1212 intelppm - ok
20:36:45.0869 1212 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
20:36:45.0879 1212 IPMIDRV - ok
20:36:46.0037 1212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:36:46.0057 1212 IPNAT - ok
20:36:46.0153 1212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:36:46.0171 1212 IRENUM - ok
20:36:46.0283 1212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
20:36:46.0296 1212 isapnp - ok
20:36:46.0357 1212 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
20:36:46.0375 1212 iScsiPrt - ok
20:36:46.0557 1212 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys
20:36:46.0577 1212 k57nd60a - ok
20:36:46.0718 1212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:36:46.0737 1212 kbdclass - ok
20:36:46.0837 1212 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
20:36:46.0854 1212 kbdhid - ok
20:36:46.0879 1212 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
20:36:46.0888 1212 KSecDD - ok
20:36:46.0932 1212 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
20:36:46.0943 1212 KSecPkg - ok
20:36:47.0072 1212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:36:47.0090 1212 ksthunk - ok
20:36:47.0279 1212 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:36:47.0296 1212 lltdio - ok
20:36:47.0485 1212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:36:47.0503 1212 LSI_FC - ok
20:36:47.0677 1212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:36:47.0693 1212 LSI_SAS - ok
20:36:47.0855 1212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:36:47.0873 1212 LSI_SAS2 - ok
20:36:47.0890 1212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:36:47.0901 1212 LSI_SCSI - ok
20:36:48.0055 1212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:36:48.0075 1212 luafv - ok
20:36:48.0240 1212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:36:48.0258 1212 megasas - ok
20:36:48.0276 1212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:36:48.0290 1212 MegaSR - ok
20:36:48.0304 1212 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:36:48.0314 1212 Modem - ok
20:36:48.0450 1212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:36:48.0467 1212 monitor - ok
20:36:48.0555 1212 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:36:48.0570 1212 mouclass - ok
20:36:48.0697 1212 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:36:48.0713 1212 mouhid - ok
20:36:48.0734 1212 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
20:36:48.0750 1212 mountmgr - ok
20:36:48.0778 1212 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
20:36:48.0789 1212 mpio - ok
20:36:48.0807 1212 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:36:48.0817 1212 mpsdrv - ok
20:36:48.0882 1212 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
20:36:48.0898 1212 MRxDAV - ok
20:36:48.0939 1212 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
20:36:48.0950 1212 mrxsmb - ok
20:36:48.0995 1212 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:36:49.0008 1212 mrxsmb10 - ok
20:36:49.0034 1212 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:36:49.0046 1212 mrxsmb20 - ok
20:36:49.0155 1212 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
20:36:49.0173 1212 msahci - ok
20:36:49.0305 1212 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
20:36:49.0320 1212 msdsm - ok
20:36:49.0479 1212 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:36:49.0492 1212 Msfs - ok
20:36:49.0608 1212 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:36:49.0632 1212 mshidkmdf - ok
20:36:49.0675 1212 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
20:36:49.0686 1212 msisadrv - ok
20:36:49.0827 1212 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:36:49.0843 1212 MSKSSRV - ok
20:36:49.0896 1212 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:36:49.0909 1212 MSPCLOCK - ok
20:36:49.0955 1212 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:36:49.0967 1212 MSPQM - ok
20:36:50.0017 1212 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
20:36:50.0039 1212 MsRPC - ok
20:36:50.0064 1212 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:36:50.0082 1212 mssmbios - ok
20:36:50.0219 1212 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:36:50.0235 1212 MSTEE - ok
20:36:50.0265 1212 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:36:50.0282 1212 MTConfig - ok
20:36:50.0307 1212 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:36:50.0317 1212 Mup - ok
20:36:50.0474 1212 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:36:50.0497 1212 NativeWifiP - ok
20:36:50.0612 1212 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
20:36:50.0637 1212 NDIS - ok
20:36:50.0733 1212 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:36:50.0750 1212 NdisCap - ok
20:36:50.0888 1212 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:36:50.0897 1212 NdisTapi - ok
20:36:51.0056 1212 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
20:36:51.0074 1212 Ndisuio - ok
20:36:51.0099 1212 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
20:36:51.0114 1212 NdisWan - ok
20:36:51.0135 1212 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
20:36:51.0147 1212 NDProxy - ok
20:36:51.0271 1212 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:36:51.0288 1212 NetBIOS - ok
20:36:51.0313 1212 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
20:36:51.0328 1212 NetBT - ok
20:36:51.0594 1212 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
20:36:51.0632 1212 netw5v64 - ok
20:36:51.0769 1212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:36:51.0787 1212 nfrd960 - ok
20:36:51.0848 1212 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:36:51.0861 1212 Npfs - ok
20:36:51.0893 1212 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:36:51.0905 1212 nsiproxy - ok
20:36:51.0956 1212 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
20:36:51.0981 1212 Ntfs - ok
20:36:52.0007 1212 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:36:52.0022 1212 Null - ok
20:36:52.0103 1212 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
20:36:52.0123 1212 nvraid - ok
20:36:52.0208 1212 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
20:36:52.0224 1212 nvstor - ok
20:36:52.0297 1212 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
20:36:52.0313 1212 nv_agp - ok
20:36:52.0328 1212 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
20:36:52.0340 1212 ohci1394 - ok
20:36:52.0485 1212 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:36:52.0503 1212 Parport - ok
20:36:52.0522 1212 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
20:36:52.0535 1212 partmgr - ok
20:36:52.0559 1212 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
20:36:52.0570 1212 pci - ok
20:36:52.0590 1212 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
20:36:52.0606 1212 pciide - ok
20:36:52.0687 1212 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:36:52.0704 1212 pcmcia - ok
20:36:52.0768 1212 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:36:52.0784 1212 pcw - ok
20:36:52.0811 1212 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:36:52.0827 1212 PEAUTH - ok
20:36:52.0989 1212 Point64 (33328fa8a580885ab0065be6db266e9f) C:\windows\system32\DRIVERS\point64.sys
20:36:53.0004 1212 Point64 - ok
20:36:53.0073 1212 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
20:36:53.0091 1212 PptpMiniport - ok
20:36:53.0190 1212 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:36:53.0211 1212 Processor - ok
20:36:53.0364 1212 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
20:36:53.0383 1212 Psched - ok
20:36:53.0536 1212 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:36:53.0559 1212 ql2300 - ok
20:36:53.0707 1212 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:36:53.0725 1212 ql40xx - ok
20:36:53.0763 1212 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:36:53.0774 1212 QWAVEdrv - ok
20:36:53.0796 1212 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:36:53.0806 1212 RasAcd - ok
20:36:53.0909 1212 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:36:53.0926 1212 RasAgileVpn - ok
20:36:54.0071 1212 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
20:36:54.0088 1212 Rasl2tp - ok
20:36:54.0248 1212 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:36:54.0264 1212 RasPppoe - ok
20:36:54.0397 1212 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:36:54.0414 1212 RasSstp - ok
20:36:54.0444 1212 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
20:36:54.0463 1212 rdbss - ok
20:36:54.0491 1212 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:36:54.0502 1212 rdpbus - ok
20:36:54.0519 1212 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:36:54.0535 1212 RDPCDD - ok
20:36:54.0660 1212 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:36:54.0688 1212 RDPENCDD - ok
20:36:54.0716 1212 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:36:54.0731 1212 RDPREFMP - ok
20:36:54.0762 1212 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
20:36:54.0774 1212 RDPWD - ok
20:36:54.0862 1212 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
20:36:54.0877 1212 rdyboost - ok
20:36:55.0030 1212 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:36:55.0047 1212 RFCOMM - ok
20:36:55.0209 1212 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:36:55.0223 1212 rspndr - ok
20:36:55.0389 1212 RSUSBSTOR (4a286ca297cd75a53d51348ad61680fb) C:\windows\system32\Drivers\RtsUStor.sys
20:36:55.0407 1212 RSUSBSTOR - ok
20:36:55.0551 1212 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\windows\system32\DRIVERS\Rt64win7.sys
20:36:55.0570 1212 RTL8167 - ok
20:36:55.0760 1212 SAVOnAccess (d9057e8ca97628e275979a09ea66b34b) C:\windows\system32\DRIVERS\savonaccess.sys
20:36:55.0783 1212 SAVOnAccess - ok
20:36:55.0941 1212 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
20:36:55.0961 1212 sbp2port - ok
20:36:55.0999 1212 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
20:36:56.0012 1212 scfilter - ok
20:36:56.0130 1212 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:36:56.0148 1212 secdrv - ok
20:36:56.0301 1212 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:36:56.0316 1212 Serenum - ok
20:36:56.0483 1212 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:36:56.0496 1212 Serial - ok
20:36:56.0638 1212 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:36:56.0658 1212 sermouse - ok
20:36:56.0698 1212 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
20:36:56.0708 1212 sffdisk - ok
20:36:56.0719 1212 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
20:36:56.0731 1212 sffp_mmc - ok
20:36:56.0742 1212 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
20:36:56.0752 1212 sffp_sd - ok
20:36:56.0840 1212 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:36:56.0860 1212 sfloppy - ok
20:36:57.0027 1212 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
20:36:57.0050 1212 Sftfs - ok
20:36:57.0112 1212 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:36:57.0134 1212 Sftplay - ok
20:36:57.0152 1212 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:36:57.0164 1212 Sftredir - ok
20:36:57.0196 1212 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
20:36:57.0206 1212 Sftvol - ok
20:36:57.0352 1212 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:36:57.0369 1212 SiSRaid2 - ok
20:36:57.0389 1212 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:36:57.0407 1212 SiSRaid4 - ok
20:36:57.0545 1212 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:36:57.0564 1212 Smb - ok
20:36:57.0761 1212 SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\windows\system32\DRIVERS\SophosBootDriver.sys
20:36:57.0776 1212 SophosBootDriver - ok
20:36:57.0825 1212 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:36:57.0838 1212 spldr - ok
20:36:57.0983 1212 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\windows\system32\DRIVERS\srv.sys
20:36:58.0004 1212 srv - ok
20:36:58.0117 1212 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\windows\system32\DRIVERS\srv2.sys
20:36:58.0138 1212 srv2 - ok
20:36:58.0271 1212 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\windows\system32\DRIVERS\srvnet.sys
20:36:58.0288 1212 srvnet - ok
20:36:58.0445 1212 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:36:58.0469 1212 stexstor - ok
20:36:58.0615 1212 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:36:58.0628 1212 swenum - ok
20:36:58.0857 1212 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys
20:36:58.0883 1212 Tcpip - ok
20:36:59.0059 1212 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys
20:36:59.0075 1212 TCPIP6 - ok
20:36:59.0191 1212 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
20:36:59.0209 1212 tcpipreg - ok
20:36:59.0320 1212 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:36:59.0333 1212 TDPIPE - ok
20:36:59.0354 1212 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:36:59.0367 1212 TDTCP - ok
20:36:59.0397 1212 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
20:36:59.0411 1212 tdx - ok
20:36:59.0443 1212 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
20:36:59.0456 1212 TermDD - ok
20:36:59.0469 1212 TfFsMon - ok
20:36:59.0498 1212 TfNetMon - ok
20:36:59.0518 1212 TfSysMon - ok
20:36:59.0573 1212 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
20:36:59.0584 1212 tssecsrv - ok
20:36:59.0721 1212 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
20:36:59.0740 1212 tunnel - ok
20:36:59.0773 1212 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:36:59.0783 1212 uagp35 - ok
20:36:59.0806 1212 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
20:36:59.0819 1212 udfs - ok
20:36:59.0859 1212 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
20:36:59.0869 1212 uliagpkx - ok
20:36:59.0989 1212 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
20:37:00.0013 1212 umbus - ok
20:37:00.0116 1212 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:37:00.0137 1212 UmPass - ok
20:37:00.0180 1212 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
20:37:00.0195 1212 usbccgp - ok
20:37:00.0311 1212 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
20:37:00.0333 1212 usbcir - ok
20:37:00.0445 1212 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
20:37:00.0462 1212 usbehci - ok
20:37:00.0579 1212 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
20:37:00.0597 1212 usbhub - ok
20:37:00.0632 1212 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
20:37:00.0644 1212 usbohci - ok
20:37:00.0750 1212 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:37:00.0767 1212 usbprint - ok
20:37:00.0912 1212 usbsmi (c839aa65bd73371dd238efbc7109ef64) C:\windows\system32\DRIVERS\SMIksdrv.sys
20:37:00.0929 1212 usbsmi - ok
20:37:00.0966 1212 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:37:00.0980 1212 USBSTOR - ok
20:37:01.0008 1212 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
20:37:01.0020 1212 usbuhci - ok
20:37:01.0153 1212 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
20:37:01.0169 1212 usbvideo - ok
20:37:01.0259 1212 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
20:37:01.0280 1212 vdrvroot - ok
20:37:01.0426 1212 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:37:01.0440 1212 vga - ok
20:37:01.0578 1212 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:37:01.0594 1212 VgaSave - ok
20:37:01.0688 1212 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
20:37:01.0706 1212 vhdmp - ok
20:37:01.0809 1212 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
20:37:01.0832 1212 viaide - ok
20:37:01.0977 1212 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
20:37:01.0993 1212 volmgr - ok
20:37:02.0035 1212 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
20:37:02.0053 1212 volmgrx - ok
20:37:02.0073 1212 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
20:37:02.0089 1212 volsnap - ok
20:37:02.0222 1212 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:37:02.0237 1212 vsmraid - ok
20:37:02.0279 1212 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:37:02.0298 1212 vwifibus - ok
20:37:02.0425 1212 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:37:02.0444 1212 vwififlt - ok
20:37:02.0578 1212 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:37:02.0593 1212 WacomPen - ok
20:37:02.0743 1212 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:37:02.0760 1212 WANARP - ok
20:37:02.0786 1212 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:37:02.0787 1212 Wanarpv6 - ok
20:37:02.0949 1212 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:37:02.0967 1212 Wd - ok
20:37:03.0010 1212 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:37:03.0024 1212 Wdf01000 - ok
20:37:03.0128 1212 wdmirror (2a444acf7dd446505bcc801f8f6ae5fd) C:\windows\system32\DRIVERS\WDMirror.sys
20:37:03.0150 1212 wdmirror - ok
20:37:03.0309 1212 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:37:03.0324 1212 WfpLwf - ok
20:37:03.0374 1212 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
20:37:03.0386 1212 WimFltr - ok
20:37:03.0479 1212 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:37:03.0498 1212 WIMMount - ok
20:37:03.0694 1212 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:37:03.0711 1212 WmiAcpi - ok
20:37:03.0865 1212 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:37:03.0886 1212 ws2ifsl - ok
20:37:04.0048 1212 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
20:37:04.0069 1212 wsvd - ok
20:37:04.0123 1212 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
20:37:04.0138 1212 WudfPf - ok
20:37:04.0255 1212 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
20:37:04.0275 1212 WUDFRd - ok
20:37:04.0328 1212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:37:04.0339 1212 \Device\Harddisk0\DR0 - ok
20:37:04.0343 1212 Boot (0x1200) (d6f5135bc1f0fbce4b30dd2ba4945dfe) \Device\Harddisk0\DR0\Partition0
20:37:04.0344 1212 \Device\Harddisk0\DR0\Partition0 - ok
20:37:04.0351 1212 Boot (0x1200) (31e36e5ad06c608a2ddb444ae710f4e3) \Device\Harddisk0\DR0\Partition1
20:37:04.0352 1212 \Device\Harddisk0\DR0\Partition1 - ok
20:37:04.0377 1212 Boot (0x1200) (3bab0ee778ade4b5b00d37f4357a5494) \Device\Harddisk0\DR0\Partition2
20:37:04.0378 1212 \Device\Harddisk0\DR0\Partition2 - ok
20:37:04.0379 1212 ============================================================
20:37:04.0379 1212 Scan finished
20:37:04.0379 1212 ============================================================
20:37:04.0388 2340 Detected object count: 0
20:37:04.0388 2340 Actual detected object count: 0

 

Hi,

Kaspersky is done. However the report is a 70MB text file. Too large to post it here. Please instruct.

Thanks a lot for all the help!
-ming

 

Hi,

This is the link: http://www.filedropper.com/kaspersk

Thanks,
Ming