Inactive Infected with "Win64/Patched.B.Gen trojan"

kimbokrn

Posts: 15   +0
It seems like my laptop has been infected with a trojan. It just started happening today.

My laptop is running Windows 7 Professional 64-Bit OS with ESET Smart Security 5. I've started receiving ESET notifications:
123.png


I've tried deleting it through the notification numerous times, but I kept getting an error message that looks like this:
234.png


I've never had a problem like this before in my life, and I need your help!! Thank you in advance!
 
Malwarebytes Anti-Malware Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Allen :: ALLEN-PC [administrator]

7/23/2012 10:36:18 PM
mbam-log-2012-07-23 (22-36-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192380
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4544 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
 
Farbar Scan Log:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by Allen at 23-07-2012 22:50:43
Running from C:\Users\Allen\Desktop
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-23 22:49 - 2012-07-23 22:50 - 00000000 ____D C:\FRST
2012-07-23 22:48 - 2012-07-23 22:49 - 01437781 ____A (Farbar) C:\Users\Allen\Desktop\FRST64.exe
2012-07-23 22:42 - 2009-07-13 18:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-23 22:35 - 2012-07-23 22:35 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 22:35 - 2012-07-23 22:35 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Malwarebytes
2012-07-23 22:35 - 2012-07-23 22:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-23 22:34 - 2012-07-23 22:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 22:34 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-23 22:32 - 2012-07-23 22:34 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Allen\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 18:22 - 2012-07-23 18:22 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-23 13:51 - 2012-07-23 18:33 - 00000000 ____D C:\Users\Allen\AppData\Local\IBM
2012-07-23 13:45 - 2012-07-23 22:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 13:45 - 2012-07-23 20:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 01:00 - 2012-07-23 01:00 - 00000000 ____D C:\Users\Allen\Desktop\Dumbfoundead - Love Everyday EP
2012-07-20 15:50 - 2012-07-20 15:52 - 00017584 ____A C:\Users\Allen\Desktop\2004 VW GTI MPG Record.xlsx
2012-07-11 01:01 - 2012-06-11 20:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 00:58 - 2012-06-02 05:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 00:58 - 2012-06-02 05:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 00:58 - 2012-06-02 05:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 00:58 - 2012-06-02 05:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 00:58 - 2012-06-02 05:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 00:58 - 2012-06-02 05:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 00:58 - 2012-06-02 05:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 00:58 - 2012-06-02 05:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 00:58 - 2012-06-02 05:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 00:58 - 2012-06-02 05:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 00:58 - 2012-06-02 04:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 00:58 - 2012-06-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 00:58 - 2012-06-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 00:58 - 2012-06-02 04:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 00:58 - 2012-06-02 02:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 00:58 - 2012-06-02 01:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 00:58 - 2012-06-02 01:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 00:58 - 2012-06-02 01:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 00:58 - 2012-06-02 01:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 00:58 - 2012-06-02 01:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 00:58 - 2012-06-02 01:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 00:58 - 2012-06-02 01:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 00:58 - 2012-06-02 01:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 00:58 - 2012-06-02 01:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 00:58 - 2012-06-02 01:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 00:58 - 2012-06-02 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 00:58 - 2012-06-02 01:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 00:58 - 2012-06-02 01:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 19:43 - 2012-07-23 16:52 - 00000000 ____D C:\Users\Allen\Desktop\SJSU Biol 115
2012-07-10 18:09 - 2012-06-08 22:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 18:09 - 2012-06-08 21:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 18:09 - 2012-06-05 23:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 18:09 - 2012-06-05 23:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 18:09 - 2012-06-05 23:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 18:09 - 2012-06-05 22:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 18:09 - 2012-06-05 22:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 18:09 - 2012-06-05 22:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 18:09 - 2012-06-01 22:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 18:09 - 2012-06-01 22:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 18:09 - 2012-06-01 22:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 18:09 - 2012-06-01 22:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 18:09 - 2012-06-01 22:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 18:09 - 2012-06-01 21:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 18:09 - 2012-06-01 21:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 18:09 - 2012-06-01 21:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 18:09 - 2012-06-01 21:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 18:09 - 2010-06-25 20:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 18:09 - 2010-06-25 20:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-08 20:17 - 2012-07-23 20:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-06 10:27 - 2012-07-10 22:18 - 00000000 ____D C:\Users\Allen\Desktop\New folder (2)
2012-07-03 09:21 - 2012-07-03 09:21 - 00000000 ____D C:\Users\Allen\AppData\Local\Samsung
2012-07-03 09:20 - 2012-07-03 09:20 - 00000000 ____D C:\Users\Allen\Documents\samsung
2012-07-03 09:20 - 2012-07-03 09:20 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Samsung
2012-07-02 23:19 - 2012-07-02 23:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-07-02 23:12 - 2012-05-20 19:09 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-07-02 23:12 - 2012-05-20 19:09 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-07-02 23:11 - 2012-07-02 23:11 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-07-02 23:11 - 2012-05-23 18:50 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-07-02 23:11 - 2012-05-23 18:49 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-07-02 23:10 - 2012-07-02 23:12 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-07-02 23:10 - 2012-07-02 23:11 - 00000000 ____D C:\Users\All Users\Samsung
2012-07-02 15:51 - 2012-07-22 23:07 - 00000000 ____D C:\Users\Allen\Desktop\New folder
2012-06-30 18:40 - 2012-06-30 18:45 - 00000079 ____A C:\Users\Allen\AppData\Local\CrystalDiskMark30.ini
2012-06-30 18:40 - 2012-06-30 18:40 - 00000000 ____D C:\Program Files\CrystalDiskMark
2012-06-27 19:20 - 2012-06-27 19:20 - 00000000 ____D C:\Program Files (x86)\ETS
2012-06-26 20:43 - 2012-07-21 21:34 - 00000000 ____D C:\Users\Allen\Downloads\Royal Pains - Season 4

============ 3 Months Modified Files ========================

2012-07-23 22:49 - 2009-07-13 21:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 22:49 - 2009-07-13 21:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 22:43 - 2012-07-23 13:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 22:42 - 2012-05-17 13:28 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-23 22:41 - 2011-06-17 19:01 - 00108014 ____A C:\Windows\PFRO.log
2012-07-23 22:41 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 22:41 - 2009-07-13 21:51 - 00104485 ____A C:\Windows\setupact.log
2012-07-23 22:38 - 2012-05-17 13:28 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-23 22:35 - 2012-07-23 22:35 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 22:34 - 2012-07-23 22:32 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Allen\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 22:18 - 2011-06-17 19:43 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000UA.job
2012-07-23 22:05 - 2011-06-17 19:43 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000Core.job
2012-07-23 20:43 - 2012-07-23 13:45 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 20:43 - 2012-07-08 20:17 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-23 20:43 - 2011-06-17 18:09 - 01320232 ____A C:\Windows\WindowsUpdate.log
2012-07-20 15:52 - 2012-07-20 15:50 - 00017584 ____A C:\Users\Allen\Desktop\2004 VW GTI MPG Record.xlsx
2012-07-17 17:01 - 2009-07-13 22:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-16 17:26 - 2009-07-13 22:13 - 00739918 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-11 08:10 - 2009-07-13 21:45 - 04964272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:59 - 2011-06-17 20:21 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 13:46 - 2012-07-23 22:34 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 23:19 - 2012-07-02 23:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-06-30 20:46 - 2011-06-17 18:29 - 00107248 ____A C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-30 18:45 - 2012-06-30 18:40 - 00000079 ____A C:\Users\Allen\AppData\Local\CrystalDiskMark30.ini
2012-06-29 20:36 - 2012-01-04 14:23 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-06-29 20:36 - 2012-01-04 14:23 - 00000470 ____A C:\Windows\LkmdfCoInst.log
2012-06-18 19:09 - 2011-07-21 18:21 - 00185340 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-06-14 12:23 - 2012-06-14 12:23 - 00004595 ____A C:\Users\Allen\.recently-used.xbel
2012-06-11 20:08 - 2012-07-11 01:01 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 22:43 - 2012-07-10 18:09 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 21:41 - 2012-07-10 18:09 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 23:06 - 2012-07-10 18:09 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 23:06 - 2012-07-10 18:09 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 23:02 - 2012-07-10 18:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 22:05 - 2012-07-10 18:09 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 22:05 - 2012-07-10 18:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 22:03 - 2012-07-10 18:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 15:19 - 2012-06-21 10:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 15:19 - 2012-06-21 10:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 15:19 - 2012-06-21 10:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 15:19 - 2012-06-21 10:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 15:19 - 2012-06-21 10:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 15:19 - 2012-06-21 10:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-21 10:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 15:15 - 2012-06-21 10:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:15 - 2012-06-21 10:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 05:49 - 2012-07-11 00:58 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 05:17 - 2012-07-11 00:58 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 05:12 - 2012-07-11 00:58 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 05:05 - 2012-07-11 00:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 05:05 - 2012-07-11 00:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 05:04 - 2012-07-11 00:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 05:04 - 2012-07-11 00:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 05:03 - 2012-07-11 00:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 05:01 - 2012-07-11 00:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 05:00 - 2012-07-11 00:58 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 04:59 - 2012-07-11 00:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 04:57 - 2012-07-11 00:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 04:57 - 2012-07-11 00:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 04:54 - 2012-07-11 00:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 02:07 - 2012-07-11 00:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 01:43 - 2012-07-11 00:58 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 01:33 - 2012-07-11 00:58 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 01:26 - 2012-07-11 00:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 01:25 - 2012-07-11 00:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 01:25 - 2012-07-11 00:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 01:23 - 2012-07-11 00:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 01:21 - 2012-07-11 00:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 01:20 - 2012-07-11 00:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 01:19 - 2012-07-11 00:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 01:19 - 2012-07-11 00:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 01:17 - 2012-07-11 00:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 01:16 - 2012-07-11 00:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 01:14 - 2012-07-11 00:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 22:50 - 2012-07-10 18:09 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 22:48 - 2012-07-10 18:09 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 22:48 - 2012-07-10 18:09 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 22:45 - 2012-07-10 18:09 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 22:44 - 2012-07-10 18:09 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 21:40 - 2012-07-10 18:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 21:40 - 2012-07-10 18:09 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 21:39 - 2012-07-10 18:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 21:34 - 2012-07-10 18:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 12:25 - 2011-06-17 18:44 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 00:38 - 2012-05-29 00:38 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-23 18:50 - 2012-07-02 23:11 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-05-23 18:49 - 2012-07-02 23:11 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00569344 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2012-05-23 18:49 - 2012-05-23 18:49 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00258048 ____A ((c) PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2012-05-23 18:49 - 2012-05-23 18:49 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00200704 ____A ( (c) MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2012-05-23 18:49 - 2012-05-23 18:49 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax
2012-05-23 18:49 - 2012-05-23 18:49 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00131072 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2012-05-23 18:49 - 2012-05-23 18:49 - 00122880 ____A ((c) MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2012-05-23 18:49 - 2012-05-23 18:49 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00110592 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2012-05-23 18:49 - 2012-05-23 18:49 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
2012-05-23 18:49 - 2012-05-23 18:49 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2012-05-23 18:49 - 2012-05-23 18:49 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
2012-05-23 18:49 - 2012-05-23 18:49 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
2012-05-21 17:21 - 2011-08-09 11:39 - 00000218 ____A C:\Windows\SysWOW64\dvmenul.tgz
2012-05-21 17:21 - 2011-08-09 11:39 - 00000204 ____A C:\Windows\SysWOW64\dvmenul.dll
2012-05-21 17:21 - 2011-08-09 11:39 - 00000114 ____A C:\Windows\SysWOW64\prsgrc.tgz
2012-05-21 17:21 - 2011-08-09 11:39 - 00000100 ____A C:\Windows\SysWOW64\prsgrc.dll
2012-05-21 17:21 - 2011-08-09 11:39 - 00000086 ____A C:\Windows\SysWOW64\ssprs.tgz
2012-05-21 17:11 - 2012-05-21 17:11 - 00001025 ____A C:\Windows\SysWOW64\o8rdv6u.tgz
2012-05-21 17:11 - 2011-08-09 11:39 - 00001025 ____A C:\Windows\SysWOW64\o8rdv6u.dll
2012-05-21 17:11 - 2011-08-09 11:39 - 00001025 ____A C:\Windows\SysWOW64\grcauth2.dll
2012-05-21 17:11 - 2011-08-09 11:39 - 00001025 ____A C:\Windows\SysWOW64\grcauth1.dll
2012-05-21 17:11 - 2011-08-09 11:39 - 00001025 ____A C:\Windows\SysWOW64\clauth2.dll
2012-05-21 17:11 - 2011-08-09 11:39 - 00001025 ____A C:\Windows\SysWOW64\clauth1.dll
2012-05-21 17:11 - 2011-08-09 11:39 - 00000072 ____A C:\Windows\SysWOW64\ssprs.dll
2012-05-20 19:09 - 2012-07-02 23:12 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-05-20 19:09 - 2012-07-02 23:12 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-05-19 18:00 - 2012-05-19 18:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-05-19 17:59 - 2012-05-19 17:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-05-19 17:59 - 2011-07-11 18:21 - 00009100 ____A C:\Users\Allen\AppData\Roaming\Rim.Desktop.Exception.log
2012-05-19 17:58 - 2012-05-19 17:57 - 00005632 ____A C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-19 17:58 - 2011-07-11 18:21 - 00002464 ____A C:\Users\Allen\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-05-04 04:06 - 2012-06-13 20:11 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:03 - 2012-06-13 20:11 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 03:03 - 2012-06-13 20:11 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 22:40 - 2012-06-13 20:11 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 20:55 - 2012-06-13 20:11 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 22:41 - 2012-06-13 20:12 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 22:41 - 2012-06-13 20:12 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 22:34 - 2012-06-13 20:12 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


ZeroAccess:
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\L
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\L\00000004.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\00000004.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\000000cb.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\80000000.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\80000032.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\80000064.@

ZeroAccess:
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\@
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\L
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\n
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible MBR infection:
C:\Windows\svchost.exe

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 16:19] - [2009-07-13 18:39] - 0328704 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 8075.23 MB
Available physical RAM: 5526.97 MB
Total Pagefile: 16148.66 MB
Available Pagefile: 13472.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:288.23 GB) (Free:119.72 GB) NTFS
2 Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.48 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 288 GB 101 MB
Partition 3 Primary 9 GB 288 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 288 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-20 11:45

======================= End Of Log ==========================
 
Forgot to run Farbar in recovery. Here's the Farbar log ran in recovery mode:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 23-07-2012 23:10:24
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-07-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-07-08] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-07-08] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [TNOD UP] "C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe" /I [947200 2012-03-04] (Tukero[X]Team)
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2903448 2011-06-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [529880 2012-05-30] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKU\Allen\...\Run: [Google Update] "C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-17] (Google Inc.)
HKU\Allen\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Allen\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [958392 2012-05-29] (Samsung)
HKU\Allen\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKU\Allen\...\Run: [IBM] RUNDLL32.EXE C:\Users\Allen\AppData\Local\IBM\wznnpbul.dll,DllGetClassObject [762368 2012-07-23] ()
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) ======

2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [45928 2011-02-01] (Lenovo.)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-11-24] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
2 NACAgent; "C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe" [1154008 2012-05-30] (Cisco Systems, Inc.)
2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
2 SAService; C:\Windows\SysWow64\SAsrv.exe [446592 2011-03-14] (Conexant Systems, Inc.)
2 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [28672 2011-04-18] (Lenovo Group Limited)
2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [114024 2010-12-03] (Lenovo Group Limited)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [64440 2010-12-02] (Lenovo Group Limited)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-01-17] (Intel Corporation)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 5U877; C:\Windows\System32\Drivers\5U877.sys [166016 2011-03-04] (Ricoh co.,Ltd.)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
1 HWiNFO32; \??\C:\Users\Allen\Desktop\Tools\hw64_382\HWiNFO64A.SYS [28032 2011-05-22] (REALiX(tm))
3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2011-06-22] (Windows (R) Win 7 DDK provider)
3 ALSysIO; \??\C:\Users\Allen\AppData\Local\Temp\ALSysIO64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-23 21:50 - 2012-07-23 21:51 - 00028813 ____A C:\Users\Allen\Desktop\FRST.txt
2012-07-23 21:49 - 2012-07-23 21:50 - 00000000 ____D C:\FRST
2012-07-23 21:48 - 2012-07-23 21:49 - 01437781 ____A (Farbar) C:\Users\Allen\Desktop\FRST64.exe
2012-07-23 21:42 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-23 21:35 - 2012-07-23 21:35 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 21:35 - 2012-07-23 21:35 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Malwarebytes
2012-07-23 21:35 - 2012-07-23 21:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-23 21:34 - 2012-07-23 21:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 21:34 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-23 21:32 - 2012-07-23 21:34 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Allen\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 17:22 - 2012-07-23 17:22 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-23 12:51 - 2012-07-23 17:33 - 00000000 ____D C:\Users\Allen\AppData\Local\IBM
2012-07-23 12:45 - 2012-07-23 21:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 12:45 - 2012-07-23 19:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 00:00 - 2012-07-23 00:00 - 00000000 ____D C:\Users\Allen\Desktop\Dumbfoundead - Love Everyday EP
2012-07-20 14:50 - 2012-07-20 14:52 - 00017584 ____A C:\Users\Allen\Desktop\2004 VW GTI MPG Record.xlsx
2012-07-11 00:01 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 23:58 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 23:58 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 23:58 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 23:58 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 23:58 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 23:58 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 23:58 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 23:58 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 23:58 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 23:58 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 23:58 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 23:58 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 23:58 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 23:58 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 23:58 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 23:58 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 23:58 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 23:58 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 23:58 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 23:58 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 23:58 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 23:58 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 23:58 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 23:58 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 23:58 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 23:58 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 23:58 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 23:58 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 18:43 - 2012-07-23 15:52 - 00000000 ____D C:\Users\Allen\Desktop\SJSU Biol 115
2012-07-10 17:09 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 17:09 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 17:09 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 17:09 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 17:09 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 17:09 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 17:09 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 17:09 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 17:09 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 17:09 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 17:09 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 17:09 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 17:09 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 17:09 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 17:09 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 17:09 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 17:09 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 17:09 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 17:09 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-08 19:17 - 2012-07-23 19:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-06 09:27 - 2012-07-10 21:18 - 00000000 ____D C:\Users\Allen\Desktop\New folder (2)
2012-07-03 08:21 - 2012-07-03 08:21 - 00000000 ____D C:\Users\Allen\AppData\Local\Samsung
2012-07-03 08:20 - 2012-07-03 08:20 - 00000000 ____D C:\Users\Allen\Documents\samsung
2012-07-03 08:20 - 2012-07-03 08:20 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Samsung
2012-07-02 22:19 - 2012-07-02 22:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-07-02 22:12 - 2012-05-20 18:09 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-07-02 22:12 - 2012-05-20 18:09 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-07-02 22:11 - 2012-07-02 22:11 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-07-02 22:11 - 2012-05-23 17:50 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-07-02 22:11 - 2012-05-23 17:49 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-07-02 22:10 - 2012-07-02 22:12 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-07-02 22:10 - 2012-07-02 22:11 - 00000000 ____D C:\Users\All Users\Samsung
2012-07-02 14:51 - 2012-07-22 22:07 - 00000000 ____D C:\Users\Allen\Desktop\New folder
2012-06-30 17:40 - 2012-06-30 17:45 - 00000079 ____A C:\Users\Allen\AppData\Local\CrystalDiskMark30.ini
2012-06-30 17:40 - 2012-06-30 17:40 - 00000000 ____D C:\Program Files\CrystalDiskMark
2012-06-27 18:20 - 2012-06-27 18:20 - 00000000 ____D C:\Program Files (x86)\ETS
2012-06-26 19:43 - 2012-07-21 20:34 - 00000000 ____D C:\Users\Allen\Downloads\Royal Pains - Season 4

============ 3 Months Modified Files ========================

2012-07-23 22:06 - 2011-06-17 17:09 - 01321303 ____A C:\Windows\WindowsUpdate.log
2012-07-23 22:06 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 22:06 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 22:03 - 2012-05-17 12:28 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-23 22:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 22:03 - 2009-07-13 20:51 - 00104597 ____A C:\Windows\setupact.log
2012-07-23 21:51 - 2012-07-23 21:50 - 00028813 ____A C:\Users\Allen\Desktop\FRST.txt
2012-07-23 21:49 - 2012-07-23 21:48 - 01437781 ____A (Farbar) C:\Users\Allen\Desktop\FRST64.exe
2012-07-23 21:43 - 2012-07-23 12:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 21:41 - 2011-06-17 18:01 - 00108014 ____A C:\Windows\PFRO.log
2012-07-23 21:38 - 2012-05-17 12:28 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-23 21:35 - 2012-07-23 21:35 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 21:34 - 2012-07-23 21:32 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Allen\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 21:18 - 2011-06-17 18:43 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000UA.job
2012-07-23 21:05 - 2011-06-17 18:43 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000Core.job
2012-07-23 19:43 - 2012-07-23 12:45 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 19:43 - 2012-07-08 19:17 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-20 14:52 - 2012-07-20 14:50 - 00017584 ____A C:\Users\Allen\Desktop\2004 VW GTI MPG Record.xlsx
2012-07-17 16:01 - 2009-07-13 21:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-16 16:26 - 2009-07-13 21:13 - 00739918 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-11 07:10 - 2009-07-13 20:45 - 04964272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:59 - 2011-06-17 19:21 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 12:46 - 2012-07-23 21:34 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 22:19 - 2012-07-02 22:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-06-30 19:46 - 2011-06-17 17:29 - 00107248 ____A C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-30 17:45 - 2012-06-30 17:40 - 00000079 ____A C:\Users\Allen\AppData\Local\CrystalDiskMark30.ini
2012-06-29 19:36 - 2012-01-04 13:23 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-06-29 19:36 - 2012-01-04 13:23 - 00000470 ____A C:\Windows\LkmdfCoInst.log
2012-06-18 18:09 - 2011-07-21 17:21 - 00185340 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-06-14 11:23 - 2012-06-14 11:23 - 00004595 ____A C:\Users\Allen\.recently-used.xbel
2012-06-11 19:08 - 2012-07-11 00:01 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 17:09 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 17:09 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 17:09 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 17:09 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 17:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 17:09 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 17:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 17:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 09:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 09:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 09:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 09:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 09:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 09:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-21 09:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 09:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 09:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 23:58 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 23:58 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 23:58 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 23:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 23:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 23:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 23:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 23:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 23:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 23:58 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 23:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 23:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 23:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 23:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 23:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:58 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:58 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 23:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 17:09 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 17:09 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 17:09 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 17:09 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 17:09 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 17:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 17:09 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 17:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 17:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2011-06-17 17:44 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-28 23:38 - 2012-05-28 23:38 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-23 17:50 - 2012-07-02 22:11 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-05-23 17:49 - 2012-07-02 22:11 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00569344 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00258048 ____A ((c) PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00200704 ____A ( (c) MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2012-05-23 17:49 - 2012-05-23 17:49 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00131072 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00122880 ____A ((c) MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00110592 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
2012-05-23 17:49 - 2012-05-23 17:49 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
2012-05-23 17:49 - 2012-05-23 17:49 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
2012-05-21 16:21 - 2011-08-09 10:39 - 00000218 ____A C:\Windows\SysWOW64\dvmenul.tgz
2012-05-21 16:21 - 2011-08-09 10:39 - 00000204 ____A C:\Windows\SysWOW64\dvmenul.dll
2012-05-21 16:21 - 2011-08-09 10:39 - 00000114 ____A C:\Windows\SysWOW64\prsgrc.tgz
2012-05-21 16:21 - 2011-08-09 10:39 - 00000100 ____A C:\Windows\SysWOW64\prsgrc.dll
2012-05-21 16:21 - 2011-08-09 10:39 - 00000086 ____A C:\Windows\SysWOW64\ssprs.tgz
2012-05-21 16:11 - 2012-05-21 16:11 - 00001025 ____A C:\Windows\SysWOW64\o8rdv6u.tgz
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\o8rdv6u.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\grcauth2.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\grcauth1.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\clauth2.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\clauth1.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00000072 ____A C:\Windows\SysWOW64\ssprs.dll
2012-05-20 18:09 - 2012-07-02 22:12 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-05-20 18:09 - 2012-07-02 22:12 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-05-19 17:00 - 2012-05-19 17:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-05-19 16:59 - 2012-05-19 16:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-05-19 16:59 - 2011-07-11 17:21 - 00009100 ____A C:\Users\Allen\AppData\Roaming\Rim.Desktop.Exception.log
2012-05-19 16:58 - 2012-05-19 16:57 - 00005632 ____A C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-19 16:58 - 2011-07-11 17:21 - 00002464 ____A C:\Users\Allen\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-05-04 03:06 - 2012-06-13 19:11 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 19:11 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 19:11 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 19:11 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 19:11 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 19:12 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 19:12 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 19:12 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


ZeroAccess:
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\L
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\L\00000004.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\00000004.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\00000008.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\000000cb.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\80000000.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\80000032.@
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}\U\80000064.@

ZeroAccess:
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\@
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\L
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\n
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible MBR infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8075.23 MB
Available physical RAM: 7272.38 MB
Total Pagefile: 8073.38 MB
Available Pagefile: 7262.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:288.23 GB) (Free:119.67 GB) NTFS
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.48 GB) NTFS
3 Drive f: (ALLEN KIM!!) (Removable) (Total:1.86 GB) (Free:1.57 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1910 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 288 GB 101 MB
Partition 3 Primary 9 GB 288 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 288 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F ALLEN KIM!! FAT Removable 1909 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-20 10:45

======================= End Of Log ==========================
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

FRST2.gif


When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

FRST2.gif


When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
Thanks, DragonMasterJay.

Here is the log from doing a search on services.exe:

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 08:02:37
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
 
FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
CMD: bootrec /FixMbr
C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844}
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
I didn't have any time to extensively use the computer, just to do what you've told me to do. Is there a way to check if the trojan is still present without having to wait for a notification or anything?

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 09:35:32 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

========= bootrec /FixMbr =========

ÿþT h e o p e r a t I o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========

C:\Windows\Installer\{0774f8a3-82f5-b94f-3287-01de714cd844} moved successfully.
C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====
 
Uhh.. I don't know if this is relevant, but I just turned on my computer and used it for 3 minutes before getting the blue screen doing crash dump/physical memory dump.. It's the first time that has ever happened to me on this computer.
 
Thanks for the quick reply. I don't get notifications anymore, but when I run virus scans, there is still detection.

New log:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 24-07-2012 13:37:47
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-07-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-07-08] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-07-08] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [TNOD UP] "C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe" /I [947200 2012-03-04] (Tukero[X]Team)
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2903448 2011-06-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [529880 2012-05-30] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKU\Allen\...\Run: [Google Update] "C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-17] (Google Inc.)
HKU\Allen\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Allen\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [958392 2012-05-29] (Samsung)
HKU\Allen\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKU\Allen\...\Run: [IBM] RUNDLL32.EXE C:\Users\Allen\AppData\Local\IBM\wznnpbul.dll,DllGetClassObject [762368 2012-07-23] ()
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 130.65.11.90 130.65.11.91

==================== Services (Whitelisted) ======

2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [45928 2011-02-01] (Lenovo.)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-11-24] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
2 NACAgent; "C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe" [1154008 2012-05-30] (Cisco Systems, Inc.)
2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
2 SAService; C:\Windows\SysWow64\SAsrv.exe [446592 2011-03-14] (Conexant Systems, Inc.)
2 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [28672 2011-04-18] (Lenovo Group Limited)
2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [114024 2010-12-03] (Lenovo Group Limited)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [64440 2010-12-02] (Lenovo Group Limited)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-01-17] (Intel Corporation)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 5U877; C:\Windows\System32\Drivers\5U877.sys [166016 2011-03-04] (Ricoh co.,Ltd.)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
1 HWiNFO32; \??\C:\Users\Allen\Desktop\Tools\hw64_382\HWiNFO64A.SYS [28032 2011-05-22] (REALiX(tm))
3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2011-06-22] (Windows (R) Win 7 DDK provider)
3 ALSysIO; \??\C:\Users\Allen\AppData\Local\Temp\ALSysIO64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-24 11:35 - 2012-07-24 11:36 - 00262144 ____A C:\Windows\Minidump\072412-18454-01.dmp
2012-07-23 21:49 - 2012-07-23 21:50 - 00000000 ____D C:\FRST
2012-07-23 21:42 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-23 21:35 - 2012-07-23 21:35 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 21:35 - 2012-07-23 21:35 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Malwarebytes
2012-07-23 21:35 - 2012-07-23 21:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-23 21:34 - 2012-07-23 21:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 21:34 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-23 17:22 - 2012-07-23 17:22 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-23 12:51 - 2012-07-23 17:33 - 00000000 ____D C:\Users\Allen\AppData\Local\IBM
2012-07-23 12:45 - 2012-07-24 11:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 12:45 - 2012-07-23 19:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 00:00 - 2012-07-23 00:00 - 00000000 ____D C:\Users\Allen\Desktop\Dumbfoundead - Love Everyday EP
2012-07-20 14:50 - 2012-07-20 14:52 - 00017584 ____A C:\Users\Allen\Desktop\2004 VW GTI MPG Record.xlsx
2012-07-11 00:01 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 23:58 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 23:58 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 23:58 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 23:58 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 23:58 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 23:58 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 23:58 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 23:58 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 23:58 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 23:58 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 23:58 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 23:58 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 23:58 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 23:58 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 23:58 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 23:58 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 23:58 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 23:58 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 23:58 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 23:58 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 23:58 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 23:58 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 23:58 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 23:58 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 23:58 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 23:58 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 23:58 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 23:58 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 18:43 - 2012-07-24 12:17 - 00000000 ____D C:\Users\Allen\Desktop\SJSU Biol 115
2012-07-10 17:09 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 17:09 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 17:09 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 17:09 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 17:09 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 17:09 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 17:09 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 17:09 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 17:09 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 17:09 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 17:09 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 17:09 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 17:09 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 17:09 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 17:09 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 17:09 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 17:09 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 17:09 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 17:09 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-08 19:17 - 2012-07-23 19:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-06 09:27 - 2012-07-10 21:18 - 00000000 ____D C:\Users\Allen\Desktop\New folder (2)
2012-07-03 08:21 - 2012-07-03 08:21 - 00000000 ____D C:\Users\Allen\AppData\Local\Samsung
2012-07-03 08:20 - 2012-07-03 08:20 - 00000000 ____D C:\Users\Allen\Documents\samsung
2012-07-03 08:20 - 2012-07-03 08:20 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Samsung
2012-07-02 22:19 - 2012-07-02 22:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-07-02 22:12 - 2012-05-20 18:09 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-07-02 22:12 - 2012-05-20 18:09 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-07-02 22:11 - 2012-07-02 22:11 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-07-02 22:11 - 2012-05-23 17:50 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-07-02 22:11 - 2012-05-23 17:49 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-07-02 22:10 - 2012-07-02 22:12 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-07-02 22:10 - 2012-07-02 22:11 - 00000000 ____D C:\Users\All Users\Samsung
2012-07-02 14:51 - 2012-07-22 22:07 - 00000000 ____D C:\Users\Allen\Desktop\New folder
2012-06-30 17:40 - 2012-06-30 17:45 - 00000079 ____A C:\Users\Allen\AppData\Local\CrystalDiskMark30.ini
2012-06-30 17:40 - 2012-06-30 17:40 - 00000000 ____D C:\Program Files\CrystalDiskMark
2012-06-27 18:20 - 2012-06-27 18:20 - 00000000 ____D C:\Program Files (x86)\ETS
2012-06-26 19:43 - 2012-07-21 20:34 - 00000000 ____D C:\Users\Allen\Downloads\Royal Pains - Season 4

============ 3 Months Modified Files ========================

2012-07-24 12:18 - 2011-06-17 18:43 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000UA.job
2012-07-24 11:44 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-24 11:44 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-24 11:43 - 2012-07-23 12:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-24 11:43 - 2009-07-13 21:13 - 00739744 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-24 11:41 - 2011-06-17 17:09 - 01325574 ____A C:\Windows\WindowsUpdate.log
2012-07-24 11:38 - 2012-05-17 12:28 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-24 11:37 - 2012-05-17 12:28 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-24 11:36 - 2012-07-24 11:35 - 00262144 ____A C:\Windows\Minidump\072412-18454-01.dmp
2012-07-24 11:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-24 11:36 - 2009-07-13 20:51 - 00104989 ____A C:\Windows\setupact.log
2012-07-24 11:35 - 2011-07-25 08:55 - 489636624 ____A C:\Windows\MEMORY.DMP
2012-07-23 21:41 - 2011-06-17 18:01 - 00108014 ____A C:\Windows\PFRO.log
2012-07-23 21:35 - 2012-07-23 21:35 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 21:05 - 2011-06-17 18:43 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000Core.job
2012-07-23 19:43 - 2012-07-23 12:45 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 19:43 - 2012-07-08 19:17 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-20 14:52 - 2012-07-20 14:50 - 00017584 ____A C:\Users\Allen\Desktop\2004 VW GTI MPG Record.xlsx
2012-07-17 16:01 - 2009-07-13 21:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-11 07:10 - 2009-07-13 20:45 - 04964272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:59 - 2011-06-17 19:21 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 12:46 - 2012-07-23 21:34 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 22:19 - 2012-07-02 22:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-06-30 19:46 - 2011-06-17 17:29 - 00107248 ____A C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-30 17:45 - 2012-06-30 17:40 - 00000079 ____A C:\Users\Allen\AppData\Local\CrystalDiskMark30.ini
2012-06-29 19:36 - 2012-01-04 13:23 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-06-29 19:36 - 2012-01-04 13:23 - 00000470 ____A C:\Windows\LkmdfCoInst.log
2012-06-18 18:09 - 2011-07-21 17:21 - 00185340 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-06-14 11:23 - 2012-06-14 11:23 - 00004595 ____A C:\Users\Allen\.recently-used.xbel
2012-06-11 19:08 - 2012-07-11 00:01 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 17:09 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 17:09 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 17:09 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 17:09 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 17:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 17:09 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 17:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 17:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 09:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 09:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 09:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 09:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 09:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 09:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-21 09:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 09:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 09:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 23:58 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 23:58 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 23:58 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 23:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 23:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 23:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 23:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 23:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 23:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 23:58 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 23:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 23:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 23:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 23:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 23:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:58 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:58 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 23:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 17:09 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 17:09 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 17:09 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 17:09 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 17:09 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 17:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 17:09 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 17:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 17:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2011-06-17 17:44 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-28 23:38 - 2012-05-28 23:38 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-23 17:50 - 2012-07-02 22:11 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-05-23 17:49 - 2012-07-02 22:11 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00569344 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00258048 ____A ((c) PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00200704 ____A ( (c) MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2012-05-23 17:49 - 2012-05-23 17:49 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00131072 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00122880 ____A ((c) MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00110592 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2012-05-23 17:49 - 2012-05-23 17:49 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
2012-05-23 17:49 - 2012-05-23 17:49 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2012-05-23 17:49 - 2012-05-23 17:49 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
2012-05-23 17:49 - 2012-05-23 17:49 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
2012-05-21 16:21 - 2011-08-09 10:39 - 00000218 ____A C:\Windows\SysWOW64\dvmenul.tgz
2012-05-21 16:21 - 2011-08-09 10:39 - 00000204 ____A C:\Windows\SysWOW64\dvmenul.dll
2012-05-21 16:21 - 2011-08-09 10:39 - 00000114 ____A C:\Windows\SysWOW64\prsgrc.tgz
2012-05-21 16:21 - 2011-08-09 10:39 - 00000100 ____A C:\Windows\SysWOW64\prsgrc.dll
2012-05-21 16:21 - 2011-08-09 10:39 - 00000086 ____A C:\Windows\SysWOW64\ssprs.tgz
2012-05-21 16:11 - 2012-05-21 16:11 - 00001025 ____A C:\Windows\SysWOW64\o8rdv6u.tgz
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\o8rdv6u.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\grcauth2.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\grcauth1.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\clauth2.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00001025 ____A C:\Windows\SysWOW64\clauth1.dll
2012-05-21 16:11 - 2011-08-09 10:39 - 00000072 ____A C:\Windows\SysWOW64\ssprs.dll
2012-05-20 18:09 - 2012-07-02 22:12 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-05-20 18:09 - 2012-07-02 22:12 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-05-19 17:00 - 2012-05-19 17:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-05-19 16:59 - 2012-05-19 16:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-05-19 16:59 - 2011-07-11 17:21 - 00009100 ____A C:\Users\Allen\AppData\Roaming\Rim.Desktop.Exception.log
2012-05-19 16:58 - 2012-05-19 16:57 - 00005632 ____A C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-19 16:58 - 2011-07-11 17:21 - 00002464 ____A C:\Users\Allen\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-05-04 03:06 - 2012-06-13 19:11 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 19:11 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 19:11 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 19:11 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 19:11 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


Possible MBR infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8075.23 MB
Available physical RAM: 7267.54 MB
Total Pagefile: 8073.38 MB
Available Pagefile: 7257.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:288.23 GB) (Free:119.58 GB) NTFS
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.48 GB) NTFS
3 Drive f: (ALLEN KIM!!) (Removable) (Total:1.86 GB) (Free:1.57 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1910 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 288 GB 101 MB
Partition 3 Primary 9 GB 288 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 288 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F ALLEN KIM!! FAT Removable 1909 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-20 10:45

======================= End Of Log ==========================
 
Back to Normal Mode, if you can. If not, let me know...

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
RGKRScan.png


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
RGKRDelete.png


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    RGKRShortcutsFix.png
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
Thank you and sorry for the late reply.

As for the logs,

Scan Log:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Allen [Admin rights]
Mode: Scan -- Date: 07/25/2012 15:02:49

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : IBM (RUNDLL32.EXE C:\Users\Allen\AppData\Local\IBM\wznnpbul.dll,DllGetClassObject) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1124499093-1064903183-2403554625-1000[...]\Run : IBM (RUNDLL32.EXE C:\Users\Allen\AppData\Local\IBM\wznnpbul.dll,DllGetClassObject) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS723232A7A364 ATA Device +++++
--- User ---
[MBR] f711cf7d403edaf95edd8b4e85ac5abc
[BSP] 61077817eae46cf7f38892c25b19f0fc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 295143 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 5032c853a603b235230bf1bc18fc1fed
[BSP] 61077817eae46cf7f38892c25b19f0fc : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 295143 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt


Delete Log:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Allen [Admin rights]
Mode: Remove -- Date: 07/25/2012 15:04:05

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : IBM (RUNDLL32.EXE C:\Users\Allen\AppData\Local\IBM\wznnpbul.dll,DllGetClassObject) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Allen\AppData\Local\{0774f8a3-82f5-b94f-3287-01de714cd844}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS723232A7A364 ATA Device +++++
--- User ---
[MBR] f711cf7d403edaf95edd8b4e85ac5abc
[BSP] 61077817eae46cf7f38892c25b19f0fc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 295143 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 5032c853a603b235230bf1bc18fc1fed
[BSP] 61077817eae46cf7f38892c25b19f0fc : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 295143 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Shortcut Fix Log:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Allen [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/25/2012 15:06:29

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 30 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 16 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 643 / Fail 0
My documents: Success 2 / Fail 0
My favorites: Success 5 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 481 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 91 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

aswMBR_Scan.jpg


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png

  • Copy and paste the contents of aswMBR.txt back here for review
 
aswMBR Log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 07:56:43
-----------------------------
07:56:43.468 OS Version: Windows x64 6.1.7601 Service Pack 1
07:56:43.468 Number of processors: 4 586 0x2A07
07:56:43.468 ComputerName: ALLEN-PC UserName: Allen
07:56:44.378 Initialize success
07:57:04.258 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:57:04.258 Disk 0 Vendor: HITACHI_HTS723232A7A364 EC2ZB70B Size: 305245MB BusType: 11
07:57:04.258 Device \Driver\atapi -> MajorFunction fffffa8007be95e8
07:57:04.258 Disk 0 MBR read successfully
07:57:04.258 Disk 0 MBR scan
07:57:04.258 Disk 0 Windows 7 default MBR code
07:57:04.258 Disk 0 MBR hidden
07:57:04.273 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:57:04.273 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295143 MB offset 206848
07:57:04.304 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
07:57:04.336 Disk 0 scanning C:\Windows\system32\drivers
07:57:11.044 Service scanning
07:57:29.530 Modules scanning
07:57:29.530 Disk 0 trace - called modules:
07:57:30.029 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8007be95e8]<<
07:57:30.029 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800779f790]
07:57:30.029 3 CLASSPNP.SYS[fffff880019bc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074d9680]
07:57:30.029 \Driver\atapi[0xfffffa8007682e70] -> IRP_MJ_CREATE -> 0xfffffa8007be95e8
07:57:30.029 Scan finished successfully
08:18:55.406 Disk 0 MBR has been saved successfully to "C:\Users\Allen\Desktop\MBR.dat"
08:18:55.421 The log file has been saved successfully to "C:\Users\Allen\Desktop\aswMBR.txt"
 
ComboFix

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
Thanks again.

ComboFix Log:

ComboFix 12-07-27.02 - Allen 07/26/2012 13:05:28.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6591 [GMT -7:00]
Running from: c:\users\Allen\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
c:\programdata\Roaming
c:\users\Allen\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\svchost.exe
c:\windows\SysWow64\dvmenul.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\prsgrc.dll
c:\windows\SysWow64\ssprs.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 20:13 . 2012-07-26 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 21:43 . 2012-07-25 21:43 -------- d-----w- c:\program files (x86)\Brownie
2012-07-25 21:43 . 2004-08-10 07:42 77824 ------w- c:\windows\SysWow64\brlmw03a.dll
2012-07-24 05:49 . 2012-07-24 05:50 -------- d-----w- C:\FRST
2012-07-24 05:35 . 2012-07-24 05:35 -------- d-----w- c:\users\Allen\AppData\Roaming\Malwarebytes
2012-07-24 05:35 . 2012-07-24 05:35 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 05:34 . 2012-07-24 05:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-24 05:34 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 01:22 . 2012-07-24 01:22 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-23 20:51 . 2012-07-24 01:33 -------- d-----w- c:\users\Allen\AppData\Local\IBM
2012-07-23 20:45 . 2012-07-24 03:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-20 22:46 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40274E9-7C49-4DB1-98AC-FCDE030EA977}\mpengine.dll
2012-07-11 08:01 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 01:09 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-09 03:17 . 2012-07-24 03:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2012-07-03 16:21 -------- d-----w- c:\users\Allen\AppData\Local\Samsung
2012-07-03 16:20 . 2012-07-03 16:20 -------- d-----w- c:\users\Allen\AppData\Roaming\Samsung
2012-07-03 06:12 . 2012-05-21 02:09 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-07-03 06:12 . 2012-05-21 02:09 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-03 06:11 . 2012-05-24 01:50 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-03 06:11 . 2012-07-03 06:11 -------- d-----w- c:\program files (x86)\MarkAny
2012-07-03 06:11 . 2012-05-24 01:49 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-07-03 06:10 . 2012-07-03 06:12 -------- d-----w- c:\program files (x86)\Samsung
2012-07-03 06:10 . 2012-07-03 06:11 -------- d-----w- c:\programdata\Samsung
2012-07-01 01:40 . 2012-07-01 01:40 -------- d-----w- c:\program files\CrystalDiskMark
2012-06-28 02:20 . 2012-06-28 02:20 -------- d-----w- c:\program files (x86)\ETS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 07:59 . 2011-06-18 03:21 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-30 03:36 . 2012-01-04 21:23 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 22:19 . 2012-06-21 17:53 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 17:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:53 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 17:53 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 17:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 17:52 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 17:53 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2011-06-18 01:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-29 07:38 . 2012-05-29 07:38 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-24 01:49 . 2012-05-24 01:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-05-24 01:49 . 2012-05-24 01:49 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-05-24 01:49 . 2012-05-24 01:49 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-05-24 01:49 . 2012-05-24 01:49 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-05-24 01:49 . 2012-05-24 01:49 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-05-24 01:49 . 2012-05-24 01:49 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-05-24 01:49 . 2012-05-24 01:49 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-05-24 01:49 . 2012-05-24 01:49 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-05-24 01:49 . 2012-05-24 01:49 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-05-24 01:49 . 2012-05-24 01:49 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-05-24 01:49 . 2012-05-24 01:49 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-05-24 01:49 . 2012-05-24 01:49 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-05-24 01:49 . 2012-05-24 01:49 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-05-24 01:49 . 2012-05-24 01:49 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-05-24 01:49 . 2012-05-24 01:49 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-05-24 01:49 . 2012-05-24 01:49 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-05-24 01:49 . 2012-05-24 01:49 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-05-24 01:49 . 2012-05-24 01:49 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-05-24 01:49 . 2012-05-24 01:49 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-05-24 01:49 . 2012-05-24 01:49 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-05-24 01:49 . 2012-05-24 01:49 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-05-24 01:49 . 2012-05-24 01:49 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-05-24 01:49 . 2012-05-24 01:49 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-05-24 01:49 . 2012-05-24 01:49 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-05-20 00:59 . 2012-05-20 00:59 413696 ----a-r- c:\users\Allen\AppData\Roaming\Microsoft\Installer\{4229F016-3A60-439E-B626-DE4BD457469F}\ARPPRODUCTICON.exe
2012-05-04 11:06 . 2012-06-14 03:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:11 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 03:11 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 03:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-30 958392]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-05-30 529880]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 116648]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 250056]
R3 ALSysIO;ALSysIO;c:\users\Allen\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 116648]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SilvrLnk;SilverLink (USB GraphLink) Cable;c:\windows\system32\DRIVERS\silvrlnk.sys [2009-09-10 129536]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-18 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\users\Allen\Desktop\Tools\hw64_382\HWiNFO64A.SYS [2011-05-23 28032]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-05-30 1154008]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-03-23 101376]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-12-01 358576]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-30 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 03:43]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 02:08]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 02:08]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000Core.job
- c:\users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 02:43]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000UA.job
- c:\users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 02:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-08 416024]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\z6s1jhtu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TNOD UP - c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b7,c9,1a,3f,4e,69,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\windows\SysWOW64\SAsrv.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2012-07-26 13:22:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 20:22
.
Pre-Run: 128,505,057,280 bytes free
Post-Run: 128,429,641,728 bytes free
.
- - End Of File - - A3B2CD56612440513C5C03BEF71A7553
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Rootkit::
    c:\\.\globalroot\systemroot\svchost.exe
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix Log:

ComboFix 12-07-27.03 - Allen 07/27/2012 12:06:00.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6258 [GMT -7:00]
Running from: c:\users\Allen\Desktop\ComboFix.exe
Command switches used :: c:\users\Allen\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Allen\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 19:11 . 2012-07-27 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 21:43 . 2012-07-25 21:43 -------- d-----w- c:\program files (x86)\Brownie
2012-07-25 21:43 . 2004-08-10 07:42 77824 ------w- c:\windows\SysWow64\brlmw03a.dll
2012-07-24 05:49 . 2012-07-24 05:50 -------- d-----w- C:\FRST
2012-07-24 05:35 . 2012-07-24 05:35 -------- d-----w- c:\users\Allen\AppData\Roaming\Malwarebytes
2012-07-24 05:35 . 2012-07-24 05:35 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 05:34 . 2012-07-24 05:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-24 05:34 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 01:22 . 2012-07-24 01:22 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-23 20:51 . 2012-07-24 01:33 -------- d-----w- c:\users\Allen\AppData\Local\IBM
2012-07-23 20:45 . 2012-07-27 18:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-20 22:46 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40274E9-7C49-4DB1-98AC-FCDE030EA977}\mpengine.dll
2012-07-11 08:01 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 01:09 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-09 03:17 . 2012-07-27 18:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2012-07-03 16:21 -------- d-----w- c:\users\Allen\AppData\Local\Samsung
2012-07-03 16:20 . 2012-07-03 16:20 -------- d-----w- c:\users\Allen\AppData\Roaming\Samsung
2012-07-03 06:12 . 2012-05-21 02:09 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-07-03 06:12 . 2012-05-21 02:09 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-03 06:11 . 2012-05-24 01:50 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-03 06:11 . 2012-07-03 06:11 -------- d-----w- c:\program files (x86)\MarkAny
2012-07-03 06:11 . 2012-05-24 01:49 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-07-03 06:10 . 2012-07-03 06:12 -------- d-----w- c:\program files (x86)\Samsung
2012-07-03 06:10 . 2012-07-03 06:11 -------- d-----w- c:\programdata\Samsung
2012-07-01 01:40 . 2012-07-01 01:40 -------- d-----w- c:\program files\CrystalDiskMark
2012-06-28 02:20 . 2012-06-28 02:20 -------- d-----w- c:\program files (x86)\ETS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 07:59 . 2011-06-18 03:21 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-30 03:36 . 2012-01-04 21:23 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 22:19 . 2012-06-21 17:53 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 17:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:53 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 17:53 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 17:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 17:52 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 17:53 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2011-06-18 01:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-29 07:38 . 2012-05-29 07:38 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-24 01:49 . 2012-05-24 01:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-05-24 01:49 . 2012-05-24 01:49 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-05-24 01:49 . 2012-05-24 01:49 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-05-24 01:49 . 2012-05-24 01:49 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-05-24 01:49 . 2012-05-24 01:49 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-05-24 01:49 . 2012-05-24 01:49 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-05-24 01:49 . 2012-05-24 01:49 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-05-24 01:49 . 2012-05-24 01:49 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-05-24 01:49 . 2012-05-24 01:49 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-05-24 01:49 . 2012-05-24 01:49 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-05-24 01:49 . 2012-05-24 01:49 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-05-24 01:49 . 2012-05-24 01:49 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-05-24 01:49 . 2012-05-24 01:49 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-05-24 01:49 . 2012-05-24 01:49 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-05-24 01:49 . 2012-05-24 01:49 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-05-24 01:49 . 2012-05-24 01:49 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-05-24 01:49 . 2012-05-24 01:49 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-05-24 01:49 . 2012-05-24 01:49 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-05-24 01:49 . 2012-05-24 01:49 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-05-24 01:49 . 2012-05-24 01:49 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-05-24 01:49 . 2012-05-24 01:49 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-05-24 01:49 . 2012-05-24 01:49 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-05-24 01:49 . 2012-05-24 01:49 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-05-24 01:49 . 2012-05-24 01:49 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-05-20 00:59 . 2012-05-20 00:59 413696 ----a-r- c:\users\Allen\AppData\Roaming\Microsoft\Installer\{4229F016-3A60-439E-B626-DE4BD457469F}\ARPPRODUCTICON.exe
2012-05-04 11:06 . 2012-06-14 03:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:11 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 03:11 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-26_20.15.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-27 19:12 . 2012-07-27 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-26 20:14 . 2012-07-26 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 19:12 . 2012-07-27 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-26 20:14 . 2012-07-26 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-27 19:11 495756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-26 20:14 495756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-18 03:23 . 2012-07-27 19:11 8889571 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1124499093-1064903183-2403554625-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-30 958392]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-05-30 529880]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 116648]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ALSysIO;ALSysIO;c:\users\Allen\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 116648]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SilvrLnk;SilverLink (USB GraphLink) Cable;c:\windows\system32\DRIVERS\silvrlnk.sys [2009-09-10 129536]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-18 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\users\Allen\Desktop\Tools\hw64_382\HWiNFO64A.SYS [2011-05-23 28032]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-05-30 1154008]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-03-23 101376]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-12-01 358576]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-30 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 18:43]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 02:08]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 02:08]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000Core.job
- c:\users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 02:43]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124499093-1064903183-2403554625-1000UA.job
- c:\users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 02:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-08 416024]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\z6s1jhtu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b7,c9,1a,3f,4e,69,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\windows\SysWOW64\SAsrv.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2012-07-27 12:20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 19:20
ComboFix2.txt 2012-07-26 20:22
.
Pre-Run: 129,057,206,272 bytes free
Post-Run: 128,837,025,792 bytes free
.
- - End Of File - - DEFAF8E4B6EE12D6004742FC9AB95289
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
DragonMasterJay, thanks again for everything. For the latest step, I was unable to successfully run the ESET online scanner. Is there an alternative scanner that I could use?
 
Please run the F-Secure Online Scanner
  • Accept the License Agreement and check the box. Then click on Run Check.
  • fsecurescan.png
  • It will ask you to Run the Java plugin. Please confirm.
  • Once the download completes, the window for the scanner will launch.
  • Please confirm anymore prompts, and then select Full Scan.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • It will run its cleaning.
  • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
 
[FONT=Arial]Scanning Report[/FONT]

[FONT=Arial]Sunday, July 29, 2012 13:40:34 - 14:22:37[/FONT]

Computer name: ALLEN-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
[FONT=Arial]8 malware found[/FONT]

TrackingCookie.2o7(spyware)
  • System (Disinfected)
TrackingCookie.Atdmt(spyware)
  • System (Disinfected)
TrackingCookie.Doubleclick(spyware)
  • System (Disinfected)
TrackingCookie.Fastclick(spyware)
  • System (Disinfected)
TrackingCookie.Webtrends(spyware)
  • System (Disinfected)
Trojan.Generic.3823570(virus)
  • C:\USERS\ALLEN\DOWNLOADS\ROLLERCOASTERTYCOON 1 FULL\JUGAR SPANISH.EXE (Renamed & Submitted)
Trojan.Generic.2982764(virus)
  • C:\USERS\ALLEN\DOWNLOADS\ROLLERCOASTERTYCOON 1 FULL\PLAY ENGLISH.EXE (Renamed & Submitted)
Gen:Variant.Barys.6082(virus)
  • C:\USERS\ALLEN\APPDATA\LOCAL\IBM\WZNNPBUL.DLL (Renamed & Submitted)
[FONT=Arial]Statistics[/FONT]

Scanned:
  • Files: 118020
  • System: 6674
  • Not scanned: 237
Actions:
  • Disinfected: 5
  • Renamed: 3
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 3
Files not scanned:
  • C:\HIBERFIL.SYS
  • C:\PAGEFILE.SYS
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
  • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
  • C:\WINDOWS\CSC\V2.0.6\TEMP\EA-{004897D6-9947-11E0-8A6D-A1A7408B06C1}
  • C:\WINDOWS\CSC\V2.0.6\PQ
  • C:\USERS\ALLEN\APPDATA\LOCAL\TEMP\HSPERFDATA_ALLEN\5988
  • C:\USERS\ALLEN\APPDATA\LOCAL\TEMP\HSPERFDATA_ALLEN\3348
  • C:\SYSTEM VOLUME INFORMATION\{18B01905-D6A4-11E1-9E3E-F0DEF164C254}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{8D9D632F-D80A-11E1-95A8-F0DEF164C254}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\QOOBOX\BACKENV\VIKPEV00
  • C:\QOOBOX\BACKENV\SETPATH.BAT
  • C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN
  • C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV01.TMP
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00D12FEE4A058C6865C33008405C76AC_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00E85FC1FD3AC4DBF5CD9565D042623E_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0194A519BA04A8225783464608A03479_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0252BF9A620768AE01AD1E0986D6E026_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\034A0EDDD4052070DB698C4B3A83D85A_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03460FA7FFBCB916D3A705597AF6B8DA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0527039EAFD47933D6A42C5B435EF2E8_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\061306F3B70A84B9A74BE76B7C65AB04_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\06AF7354A81E3FB50C853F25B9272C19_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\070129D74CB29CA43E73A41CB67FFF14_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\094C40B100A81B5BBCE596D3C9C2E441_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0A27AECCB7A52CD31A49CA20B8C7618C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0A9490291489DC5A2336013F44AEE3B1_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0AD06996BBFC65AFEE2A9C976228D3B7_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0B1FDA78E03E95CA2112E30E5C8DC771_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0CEED76F2A22BB84FBC830442B1E1E84_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0E7C2C2A00A1EB6A2A67471A82231098_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F109010712B465C4ABB86F2A93EF4DE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F8409266B788E5A9B21D51004E0C44B_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F842AFBAAECB6BFDD2781196CA8709F_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F9912AF855555D8E45801503BE1EFAE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1314C95D011BF9F396F9C7BEF057FB51_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\143BE418E4D67FFA646ADC2B78EF7832_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14BA4C330DDB6341F23AE4EF0AE9F0C8_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\160C282F67669102A89938E29C195A36_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15C98A3B1A9919F228155D8246A5DC0A_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\17217116D3755E4443AE8877D1860514_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1741F4474E6D342FBA5BA628C8F06748_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A34F5C6B859A49263EFB066BE0EF7B1_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\180DFCF738B910E2CC853114270588F5_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A59CB502DBFA0A6E6C892A33CC49F33_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1C01C7417AD3420EBEA78A37A27AF5E0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D16EE935DB9CFDD3E3B744392695CA8_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D8C982C3656AF839296EE86765C5CA9_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1E420E297721A2B342EFA63037B38E02_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1ED45A3D5C6B7154FB6D3DEA3F93359A_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F092C95B0C6C43EFA644DCBB7A1E56C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\20849BC9B3970E5662C7DCC6960A31F9_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\209F4EDEF05252B96A13198F880C2FE2_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\230F6B8690FD53171DC585831DC4C63E_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\258016F711CB06D5483F13168E7333CE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\264CACDFD35B74606037DE0D37E9DBF0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\277C2420A7B42ACC589C4D016109DC92_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\279D3890A03C6BD138FEDB8BB870858F_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\27B47340C6B01949211256CC433E86B8_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\299CFBB12FE07764312A86E2B4877F77_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\284EBB7B2F0ABFF94914442CE20A39BE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A27458EEC60BED2249C57B6B0EA5085_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A8C17C0EA7F1D2A3D7255B185360CC5_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2BECB95FF043A897B5984184471CB9DD_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CB7E7C5CCD277EBAC2F127D179F9B8C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2BF7F7EBAEFB687904640071392917AA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E8124AF18831BD808B22F980170B937_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2EDFC5BE101F4EB6A89FC3CE7CA470E2_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3055697A39FB3DCE7A1C03B2565DF095_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\334F96EBEBB5B6E87F2CEEBEE13BE179_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\347914BB1767E25F87F91DBC2631D562_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\356C5DAB661C9BED71EA3F7D64FF0C18_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37A1A07B806D50E281FF484EBAC57F33_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38AC992460DDC957988AB7F37D392F7E_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38E19762D68B2E45CCBF36CB682BCFDF_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39CA8E312AD2A2361537E5702016C3ED_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3985731B52A709774D1A8BA65CFDE98D_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39D0ABA8F54E5952192F35F788A2EC0F_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3CEDA557E7617E7C4529E4638C78F651_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3DBD7037D4F42755817DB9DD48F0B91D_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3DD2C45A09488795BE12839266F0BCA1_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F10D0F3FD740FCE68234771EBDE1BDF_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\431919747B89F303B186D79ED3D58EA4_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43E20BEEC912356DF63A5805AE7DC975_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\443953CD9B2ED7E2B144C2B59A63F6BC_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\46FA8C0C3658AA31B5CEDFBE0C8F671A_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\476ACAEFA74D0BC7B93079C2CAB2A661_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4A6EEE1B2C2F78A7AF86C9881ADF5983_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5619A2A5CFB6F1C495403A0700F3E2DA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F8A88BCC61FD9EA0128CECADEE11A76_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\597A8DB4EA413A77B5B76AA6232F28B4_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5633C1BCD02F5A6C1E4EDFC8E83E1441_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5B01B4C16E5B9DD07E7067C5424804C0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5CC84895A73C599E13212AE47508ADC4_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E26861F60063817D8499363E4B096BA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F8E42417162C26B812D47624F09AFB7_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\60E7DA2C517CE0F30D633782FE93DFBA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6093B046A5C9564446B549A415D858BF_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\618763416AACEB8AB9500BBFE1E43418_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\61E5EEA41A6F6002DECDCCBD07B0C585_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\61EFD5A740A9D2950F792ABB214EA536_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63AED7AA322A67F20FEF45833E6259F5_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\61945A17B41733E0AB1E4D82F0236730_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\651D717C31B0D6960428FCEAB6B8368C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\653A4E76A4D25BC9DF7BF04D22899E67_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6806616A77462D99533DE1D087F093B9_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66FF5DFB6A6804359E67F43E56F07FC0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\662D5B341D645C78FA6058C9B67A9400_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\69BDF26C358EFF3ACDA2F17FFAA09592_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68D3677B6FAC2DE2841F579CBA947B9C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\692B01398E69979348150E11B9AD9965_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6AC547E96610EDAD5B0C3D38A18D69A8_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CCFC41DCA107CCF9588118945A94340_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CDC23653FA71F25AAD51314F298FB50_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C8132FCAE16D4CFF3A24BC0D41CF334_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F3DCFBCA4BECF0DA2561746292FAC11_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D45926D39619EBA23082B2F07797BF2_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7316FCA84A3E8B872F6C9BC2ACCCB33C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71C9D52A0864BC7910220E6FDED58E1E_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7326C42FD6EA451AE67FAAB6F6B6AAAD_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7970C261A1F7DA00C23C67D2AA27693C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7AD2C0409FCBB11DEC38E5E28EAF7D65_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C5EEE6CAA4932B3B5D150DDEF4F5116_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E970A2F03DDC7555AC8BFB6D1BBF178_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F256F5E77E5B534658818CE03AD8142_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8048D7D052843F272017147FFF906050_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8190F3FA2D3AB6859E0C0D00B34E74FE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8271C91C3CFDE5573317083EEA432C61_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82D80B9413FE78214438475E892D2BE2_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8050C17E822FC8B557AE65A53DBA72EC_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\844E05B6268106363EF78EB3D86D2811_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8452F0966EFD93630A987FCEEE9D3229_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\856F8CE9D24F3351A2606F3BF598E184_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85A1F5C90C17EF51C4F49BB7CE39EAE0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87B3526E806314442D1EBF2134A95EBB_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\888F65B23FADEA12CBC28B0235347252_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\897F870722B9EC1B3D9C248B304CB47F_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\86917C75B9A7FEE480C3D46ADC86035D_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8BB9387049CF8CD8810D13D6ED4AC98C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D780B5ED4A9683B140E4C470E497BBE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9066893254C5F134FCE2069DD4ECECAC_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9199D8714B44C6AB74A1790F79723771_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92B6E59CF556FF53DD11883653FC85AE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\951F326BCC4D81064EA9DC0E7326AAA0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94C231642AB745844F9AD648CC4604AA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\959211CDD9D68619EA3367B7B5B86538_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9706B0218E436666FB15B4B152BD647B_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9709151B63C8CA722436C09D640025B7_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D02262CB11D0BF8950202063535B98C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98693EE5E18556516EBB4560536ED016_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\971326247D00B8A46D5D71696BDA9373_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D4A9E32F5DC0AC9C4526F5A5450874B_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A03C5CECA7358BA0287E0649518A1E75_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F5C0C14ECE0CF11794EAB2335250698_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC234F63F10D6AADB4F7EEFC53C43311_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3F9656553C8CA9367A3A23CF0F459CC_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC5E229DFB02F424D12374B04C50B729_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC7BBF2273B6B4FEB50D20D2C6F5E628_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A65B4E8435EDF0C84CE1D853D7C552B9_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5BD9671F3C8A221EE543C61358BDCA7_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE9C35111C7EA1B62B2DF21498265F39_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B2CD012BFD8A08FFC25F6BDBFE732D5C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B35FC47EF6891137E61C66681388EDA1_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3FA8005020D78B1EA4B499F899084ED_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B713B68EA88842B1295D074EADA07088_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6BB837F2A35B5A6D411B62D87444F9E_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B75233254CA02070B14ECC67B6935C02_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7B49379275573C7871ACAF8C7C0D642_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B94780DA96D63A611D50970728BB4AE0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA6DA2BD187211DD295A42CEEA56FBB4_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA9C2EA736B55F813DD959A7707D75A2_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC6C70333F4CF7896712D8B8F98610EB_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF2B0D97E9BB400BD95EBAABCC51759B_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE463ABCD46059DC7482FB3EF6F6AC33_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C08B268D229C362DB61D5D83A00B7C4D_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF765BF388B58AF203A7F953417277D0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C31445FA007D94A94BD97D09ED1092CA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C86D36EE324778162893FFCD1D3AB195_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C955CE433DA6984BDDE33F95EF8C2C73_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2A350FF04B07404126AAD1D54211240_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C183322E8DAB3E8283DFCDB1A82F448B_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C1F72E225DC3859D80D3BA247FFD8533_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9B89EEF2150AE87AA76E65B0A58A28E_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CAD15EA77AB8EC8FDC105FC106A6BCC0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB38BE80D3BA6954422BD3C62E0B8FAE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC7BE49B6948F5221FA1B6DEF9BCB560_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF5223C96289438380E0688DA2D80377_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1F038A954813B34A17E84E2FD258D39_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D32915D971EDD958E5514BC22192DCE0_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D93512C23AD0927294A12B02277F2B11_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5737321B15DCAB709E64D9E6CCEF4AA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D97A05A3AF1B193BF423C5B801C71391_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA5B53D124FEEBB7E492D03301CA23DC_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBA49199CF15AC369D2F09C08C7A16CE_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE3E6AE107BB561FF1D63CAB20915B04_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DF9C8FFB4E1449189CCAE512D254244C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E10637DA04ECCFBB0204FA52B4AF6B67_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E1542D47A973219EA9E2F6C17D999067_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E68D4DFBF5D5D8032B965994611240B3_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E62367E234CA2C92E31DB694F3E144F2_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5834D6FE3B7C1D6521B63764A18DCEA_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E765758AB8E1549A783B673C1D50C8DD_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E72E603E9BBA54F5C972DBCDC51A78CD_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E91D4C0D19FD94DA871CC693B7E75DCC_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9FD136C4EDE2560F936F5EAFF6C2D97_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB19E090FD706AB1A19826426982A03F_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA568AC29F64E9BA9C9F8BD94F97BF60_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB74BE9D788136C4566906B48987C76B_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC83E700BC70A6EACD162F95912BCBF1_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC787948D49C570663BE2BEA247A5844_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECD207D4EAB71F493AE3BBDFF380CD60_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED263F8CA475DC74632FD4B049134B86_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F9CF6973734EBF6523628A6566377411_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3B6E79C0F6D133C93A473D55E55AEED_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EDBBB2B8617A7822D9CD09872399E23D_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F6642A97F8E877CA98A2AC046C1AC9DF_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB0B08FE615A96D5CF20FA1C1E4F1EFF_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC6C06B78E57E64A644431C261745B0C_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE0AF52265A78B9E2821F089B9D4FD2A_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB060D555091DE20BBC64509019B56FD_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FDB5B4B0323A642A18B73F8EEA98D729_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF390B20F8D2698895C96DD0564D12E8_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFCC3DAE7D41738CB11CF724E5DDDA5F_AB8D9523-967B-4284-918C-4ACEEE2711DA
  • C:\FRST\QUARANTINE\DESKTOP.INI
  • C:\FRST\QUARANTINE\SERVICES.EXE
  • C:\FRST\QUARANTINE\{0774F8A3-82F5-B94F-3287-01DE714CD844}\{0774F8A3-82F5-B94F-3287-01DE714CD844}\N
[FONT=Arial]Options[/FONT]

Scanning engines: Scanning options:
  • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
  • Use advanced heuristics
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Back