Anyone good with ComboFix logs?

Big Jim

I have what seems to be a bit of a nasty infection here, and I am not sure what ComboFix is telling me.

Does ComboFix replace files after it has detected them as missing, and does it automatically disinfect files it detects as infected? I have never seen ComboFix do this before :)

Code:
ComboFix 14-05-10.01 - Hughes 20/05/2014  13:50:03.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4091.1720 [GMT 1:00]
Running from: c:\users\Hughes\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TEMP
c:\users\Niki\AppData\Roaming\Ovidyg
.
.
.
c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
.
c:\windows\System32\dllhost.exe . . . is infected!!
.
c:\windows\system32\drivers\null.sys . . . is missing!!
.
c:\windows\system32\drivers\afd.sys . . . is missing!!
.
c:\windows\system32\drivers\ndis.sys . . . is missing!!
.
c:\windows\system32\drivers\ndisuio.sys . . . is missing!!
.
c:\windows\system32\drivers\netbios.sys . . . is missing!!
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
c:\windows\system32\drivers\tcpip.sys . . . is missing!!
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
c:\windows\system32\drivers\asyncmac.sys . . . is missing!!
.
c:\windows\system32\drivers\cdrom.sys . . . is missing!!
.
c:\windows\system32\drivers\Serial.sys . . . is missing!!
.
c:\windows\system32\drivers\ndproxy.sys . . . is missing!!
.
c:\windows\system32\drivers\ws2ifsl.sys . . . is missing!!
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
c:\windows\system32\drivers\psched.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SrvUpdater
-------\Service_CertPropSvc
-------\Service_gpsvc
-------\Service_iphlpsvc
-------\Service_MSiSCSI
-------\Service_SCPolicySvc
-------\Service_SessionEnv
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-20 to 2014-05-20  )))))))))))))))))))))))))))))))
.
.
2014-05-20 13:08 . 2014-05-20 13:08	--------	d-----w-	c:\users\Niki\AppData\Local\temp
2014-05-20 13:08 . 2014-05-20 13:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-20 09:38 . 2014-05-20 09:38	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-13 18:35 . 2014-05-18 17:38	--------	d-----w-	c:\users\Niki\AppData\Roaming\Puyzu
2014-05-13 18:35 . 2014-05-15 12:53	--------	d-----w-	c:\users\Niki\AppData\Roaming\Eshuce
2014-05-13 17:10 . 2014-05-18 17:38	--------	d-----w-	c:\users\Niki\AppData\Roaming\Zuanq
2014-05-11 15:28 . 2014-05-11 15:28	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B2229EC-4D9E-4DE4-80A8-CE45DBDD201F}\offreg.dll
2014-05-10 18:09 . 2014-05-10 18:09	--------	d-----w-	c:\users\Niki\AppData\Roaming\ProductData
2014-05-09 17:21 . 2014-05-09 17:21	--------	d-----w-	c:\users\Hughes\AppData\Roaming\ProductData
2014-04-21 09:34 . 2014-04-14 19:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-20 09:10 . 2011-06-29 16:14	1027584	----atw-	c:\windows\SysWow64\SearchIndexer.exe
2014-05-20 09:09 . 2011-07-03 13:47	672256	----atw-	c:\windows\SysWow64\msiexec.exe
2014-05-15 12:33 . 2012-04-08 10:58	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 12:33 . 2011-08-25 17:19	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 17:10 . 2013-11-20 13:03	0	----a-w-	c:\users\Niki\mspej.exe
2014-02-22 20:52 . 2014-02-22 20:52	715038	----a-w-	c:\windows\unins000.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-05-20 . B937D33DB7317502407A736400EE900D . 1157632 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[7] 2010-08-21 . F8E1FA03CB70D54A9892AC88B91D1E7B . 558592 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe
[7] 2010-08-20 . 8547491BE7086EE317163365D83A37D2 . 559104 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[7] 2009-07-14 . 89E8550C5862999FCF482EA562B0E98E . 558080 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[-] 1601-01-01 . B937D33DB7317502407A736400EE900D . 0 . . [6.1.7600.16385] . . c:\windows\System32\spoolsv.exe
.
.
.
.
.
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] . . c:\windows\SysWOW64\mfc40u.dll
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
[7] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16666_none_f3000dfcb6d2a7e4\mfc40u.dll
[7] 2010-08-31 04:25 . A716981A8BB41F4149203687EE2D1BE4 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.20791_none_f3643991d00d1cce\mfc40u.dll
[7] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll
.
[7] 2013-11-20 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] . . c:\windows\SysWOW64\ntkrnlpa.exe
[7] 2013-11-20 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntkrnlpa.exe
[7] 2013-11-20 . EB6B2FB5EE07337C8B4F3A16CBC18BE3 . 3973568 . . [6.1.7601.22436] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntkrnlpa.exe
[7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe
[7] 2012-03-06 . 06EF177FE7FEBB1314E42F568FCB55A3 . 3958128 . . [6.1.7600.16973] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_6c0f928015704824\ntkrnlpa.exe
[7] 2012-03-06 . 3B237D98A0DFC9395C7D97E33AA38ACF . 3971440 . . [6.1.7600.21163] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_6ca3d7592e85ff3f\ntkrnlpa.exe
[7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe
[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[7] 2011-06-23 . 1F969255E068D451BAC2D4FB0BD8C9C3 . 3957120 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe
[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[7] 2011-06-23 . 11486D4317D57C6F5E4DC902EF75D811 . 3967872 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe
[7] 2011-04-09 . 83515CDDB47B08F65F1EC7451778C3CD . 3967360 . . [6.1.7600.20941] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe
[7] 2011-04-09 . EEDB427EAC109E0711642B65C229BC59 . 3957632 . . [6.1.7600.16792] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe
[7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe
[7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe
[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe
[7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe
[7] 2010-08-30 . 20926A3F64BFFCD92BAA5ECE9D65CC4A . 3954568 . . [6.1.7600.16539] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe
[7] 2010-08-30 . FC781D4359B553D62CBAD9F658E68784 . 3954568 . . [6.1.7600.20655] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe
[7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe
.
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\SysWOW64\olepro32.dll
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
[7] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll
.
[-] 2014-05-20 . 91ED516F6FCE184CED91B26F0046B061 . 790528 . . [11.00.9600.16428] . . c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[-] 2014-05-20 . 56D2E502C0B0AC2CBFE23955A6E8B3BE . 1390592 . . [11.00.9600.16428] . . c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[7] 2011-06-09 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] . . c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[7] 2011-06-09 . F1424C1B9B1813BF825E45DF3790BC8A . 754480 . . [9.00.8112.16421] . . c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[7] 2011-02-24 . E1BBDE0F187194D4B08335234A4B9FC7 . 696592 . . [8.00.7600.16766] . . c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[7] 2011-02-24 . B4881B8F6EDB48CABD44BCC9FB5475C4 . 696592 . . [8.00.7600.20908] . . c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[7] 2011-02-24 . AB2BB40A5FE49AD236791AC22BD08869 . 673040 . . [8.00.7600.20908] . . c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[7] 2011-02-24 . C6697A46554E36541E81182B258A19D6 . 673040 . . [8.00.7600.16766] . . c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[7] 2010-12-18 . 700B40EA39DFB25517A81032F03D6D20 . 696592 . . [8.00.7600.16722] . . c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_0fa37b7a3e4ac7e9\iexplore.exe
[7] 2010-12-18 . 8C6C32E4AF8A3D7155656F5897C504E0 . 696592 . . [8.00.7600.20861] . . c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1000d84b5789be20\iexplore.exe
[7] 2010-12-18 . AA08B68EF4E35EFA170CF85A44B23B70 . 673040 . . [8.00.7600.16722] . . c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[7] 2010-12-18 . 9321CF0D023528C71E3645F8433C86C8 . 673040 . . [8.00.7600.20861] . . c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[7] 2010-11-20 . 86257731DDB311FBC283534CC0091634 . 695056 . . [8.00.7601.17514] . . c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] . . c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[7] 2009-07-14 . F2B0D41E1D08D0B2006DF5AA2E74C81E . 696600 . . [8.00.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
c:\windows\System32\drivers\asyncmac.sys ... is missing !!
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\drivers\kbdclass.sys ... is missing !!
c:\windows\System32\drivers\ndis.sys ... is missing !!
c:\windows\System32\drivers\ntfs.sys ... is missing !!
c:\windows\System32\drivers\null.sys ... is missing !!
c:\windows\System32\drivers\tcpip.sys ... is missing !!
c:\windows\System32\browser.dll ... is missing !!
c:\windows\System32\lsass.exe ... is missing !!
c:\windows\System32\netman.dll ... is missing !!
c:\windows\System32\qmgr.dll ... is missing !!
c:\windows\System32\rpcss.dll ... is missing !!
c:\windows\System32\services.exe ... is missing !!
c:\windows\System32\spoolsv.exe ... is missing !!
c:\windows\System32\winlogon.exe ... is missing !!
c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
c:\windows\System32\sfcfiles.dll ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
c:\windows\System32\schedsvc.dll ... is missing !!
c:\windows\System32\ssdpsrv.dll ... is missing !!
c:\windows\System32\termsrv.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}]
2014-02-07 15:36	115840	----a-w-	c:\program files (x86)\bttb\bttbX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{aba8d0e6-0d4d-4cb8-836a-04d69824b108}"= "c:\program files (x86)\bttb\bttbX.dll" [2014-02-07 115840]
.
[HKEY_CLASSES_ROOT\clsid\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2012-01-04 08:58	442880	----a-w-	c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R?2 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [14/07/2009 15:27 631808]
R0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys --> c:\windows\system32\drivers\amdxata.sys [?]
R0 CLFS;Common Log (CLFS);c:\windows\system32\CLFS.sys --> c:\windows\system32\CLFS.sys [?]
R0 CNG;CNG;c:\windows\system32\Drivers\cng.sys --> c:\windows\system32\Drivers\cng.sys [?]
R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys --> c:\windows\system32\drivers\fileinfo.sys [?]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\system32\DRIVERS\fvevol.sys --> c:\windows\system32\DRIVERS\fvevol.sys [?]
R0 hwpolicy;Hardware Policy Driver;c:\windows\system32\drivers\hwpolicy.sys --> c:\windows\system32\drivers\hwpolicy.sys [?]
R0 KSecPkg;KSecPkg;c:\windows\system32\Drivers\ksecpkg.sys --> c:\windows\system32\Drivers\ksecpkg.sys [?]
R0 LHDmgr;LHDmgr;c:\windows\system32\DRIVERS\LhdX64.sys --> c:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys --> c:\windows\system32\drivers\mfewfpk.sys [?]
R0 msahci;msahci;c:\windows\system32\drivers\msahci.sys --> c:\windows\system32\drivers\msahci.sys [?]
R0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys --> c:\windows\system32\drivers\msisadrv.sys [?]
R0 pcw;Performance Counters for Windows Driver;c:\windows\system32\drivers\pcw.sys --> c:\windows\system32\drivers\pcw.sys [?]
R0 rdyboost;ReadyBoost;c:\windows\system32\drivers\rdyboost.sys --> c:\windows\system32\drivers\rdyboost.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\Drivers\SmartDefragDriver.sys --> c:\windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 spldr;Security Processor Loader Driver;c:\windows\system32\drivers\spldr.sys --> c:\windows\system32\drivers\spldr.sys [?]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys --> c:\windows\system32\drivers\vdrvroot.sys [?]
R0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys --> c:\windows\system32\drivers\volmgr.sys [?]
R0 volmgrx;Dynamic Volume Manager;c:\windows\system32\drivers\volmgrx.sys --> c:\windows\system32\drivers\volmgrx.sys [?]
R1 {42e50651-9669-456e-9081-d5a836274274}w64;{42e50651-9669-456e-9081-d5a836274274}w64;c:\windows\system32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys --> c:\windows\system32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys [?]
R1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys --> c:\windows\system32\DRIVERS\blbdrive.sys [?]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys --> c:\windows\system32\Drivers\dfsc.sys [?]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys --> c:\windows\system32\drivers\discache.sys [?]
R1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys --> c:\windows\system32\drivers\nsiproxy.sys [?]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys --> c:\windows\system32\drivers\rdpencdd.sys [?]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys --> c:\windows\system32\drivers\rdprefmp.sys [?]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys --> c:\windows\system32\DRIVERS\wanarp.sys [?]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys --> c:\windows\system32\DRIVERS\wfplwf.sys [?]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14/07/2009 00:19 20992]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [14/07/2009 00:19 20992]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14/07/2009 00:19 20992]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
R2 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [25/11/2013 11:20 328928]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [14/07/2009 00:19 20992]
R2 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
R2 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [30/08/2010 14:01 1101824]
R2 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [30/08/2010 14:01 1171456]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys --> c:\windows\system32\DRIVERS\lltdio.sys [?]
R2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys --> c:\windows\system32\drivers\luafv.sys [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [10/02/2014 22:55 714240]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [25/11/2013 11:20 769536]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [25/11/2013 11:20 328928]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [25/11/2013 11:20 328928]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [24/01/2011 19:35 25824]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [25/11/2013 11:21 1025712]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [15/03/2011 18:36 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [14/07/2009 00:19 20992]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [14/07/2009 00:19 20992]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys --> c:\windows\system32\drivers\peauth.sys [?]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [14/07/2009 00:19 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [14/07/2009 00:19 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [14/07/2009 00:19 20992]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [01/06/2011 17:42 14088]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys --> c:\windows\system32\drivers\tcpipreg.sys [?]
R2 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe --> c:\windows\system32\UI0Detect.exe [?]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
R2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [22/09/2010 18:10 652800]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys --> c:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys --> c:\windows\system32\drivers\AtihdW76.sys [?]
R3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys --> c:\windows\system32\DRIVERS\bowser.sys [?]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys --> c:\windows\system32\drivers\CompositeBus.sys [?]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys --> c:\windows\system32\drivers\dxgkrnl.sys [?]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [14/07/2009 00:19 20992]
R3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys --> c:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys --> c:\windows\system32\drivers\mfefirek.sys [?]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys --> c:\windows\system32\DRIVERS\mfencbdc.sys [?]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys --> c:\windows\system32\DRIVERS\monitor.sys [?]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys --> c:\windows\system32\drivers\mpsdrv.sys [?]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys --> c:\windows\system32\DRIVERS\mrxsmb10.sys [?]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys --> c:\windows\system32\DRIVERS\mrxsmb20.sys [?]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys --> c:\windows\system32\DRIVERS\nwifi.sys [?]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys --> c:\windows\system32\DRIVERS\AgileVpn.sys [?]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys --> c:\windows\system32\DRIVERS\rdpdispm.sys [?]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [14/07/2009 00:19 20992]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys --> c:\windows\system32\DRIVERS\srv2.sys [?]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys --> c:\windows\system32\DRIVERS\srvnet.sys [?]
R3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys --> c:\windows\system32\drivers\umbus.sys [?]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\system32\DRIVERS\vwifibus.sys --> c:\windows\system32\DRIVERS\vwifibus.sys [?]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys --> c:\windows\system32\DRIVERS\WDMirror.sys [?]
S2 0200211400511884mcinstcleanup;McAfee Application Installer Cleanup (0200211400511884);c:\windows\TEMP\020021~1.EXE -cleanup -nolog --> c:\windows\TEMP\020021~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [18/03/2010 15:27 732160]
S2 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe /V --> c:\windows\system32\IEEtwCollector.exe  [?]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [15/02/2014 10:30 2152736]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [25/11/2013 11:20 328928]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe --> c:\windows\system32\sppsvc.exe [?]
S2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe --> c:\windows\system32\Wat\WatAdminSvc.exe [?]
S2 wbengine;Block Level Backup Engine Service;"c:\windows\system32\wbengine.exe" --> c:\windows\system32\wbengine.exe [?]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys --> c:\windows\system32\drivers\1394ohci.sys [?]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys --> c:\windows\system32\drivers\acpipmi.sys [?]
S3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys --> c:\windows\system32\DRIVERS\adp94xx.sys [?]
S3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys --> c:\windows\system32\DRIVERS\adpahci.sys [?]
S3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys --> c:\windows\system32\drivers\amdsata.sys [?]
S3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys --> c:\windows\system32\DRIVERS\amdsbs.sys [?]
S3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys --> c:\windows\system32\drivers\appid.sys [?]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14/07/2009 00:19 20992]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [14/07/2009 00:19 20992]
S3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys --> c:\windows\system32\DRIVERS\arcsas.sys [?]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys --> c:\windows\system32\DRIVERS\bxvbda.sys [?]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys --> c:\windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [14/07/2009 00:19 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys --> c:\windows\system32\DRIVERS\BrFiltLo.sys [?]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys --> c:\windows\system32\DRIVERS\BrFiltUp.sys [?]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys --> c:\windows\system32\drivers\WDBridge.sys [?]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\Drivers\Brserid.sys --> c:\windows\system32\Drivers\Brserid.sys [?]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys --> c:\windows\system32\Drivers\BrSerWdm.sys [?]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys --> c:\windows\system32\Drivers\BrUsbMdm.sys [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys --> c:\windows\system32\drivers\cfwids.sys [?]
S3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys --> c:\windows\system32\DRIVERS\circlass.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [13/07/2009 21:37 684032]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [14/07/2009 00:19 20992]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys --> c:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys --> c:\windows\system32\DRIVERS\evbda.sys [?]
S3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys --> c:\windows\system32\DRIVERS\elxstor.sys [?]
S3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys --> c:\windows\system32\drivers\filetrace.sys [?]
S3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys --> c:\windows\system32\drivers\FsDepends.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.Sys [07/03/2013 16:37 37344]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys --> c:\windows\system32\DRIVERS\ggflt.sys [?]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys --> c:\windows\system32\drivers\hcw85cir.sys [?]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys --> c:\windows\system32\drivers\HipShieldK.sys [?]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
S3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys --> c:\windows\system32\drivers\HpSAMD.sys [?]
S3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys --> c:\windows\system32\drivers\iaStorV.sys [?]
S3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys --> c:\windows\system32\drivers\IPMIDrv.sys [?]
S3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys --> c:\windows\system32\drivers\msiscsi.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys --> c:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [14/07/2009 00:19 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
S3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys --> c:\windows\system32\DRIVERS\lsi_fc.sys [?]
S3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys --> c:\windows\system32\DRIVERS\lsi_sas.sys [?]
S3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys --> c:\windows\system32\DRIVERS\lsi_sas2.sys [?]
S3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys --> c:\windows\system32\DRIVERS\lsi_scsi.sys [?]
S3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys --> c:\windows\system32\DRIVERS\megasas.sys [?]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys --> c:\windows\system32\DRIVERS\mfencrk.sys [?]
S3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys --> c:\windows\system32\drivers\mpio.sys [?]
S3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys --> c:\windows\system32\drivers\msdsm.sys [?]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\system32\drivers\mshidkmdf.sys --> c:\windows\system32\drivers\mshidkmdf.sys [?]
S3 MsRPC;MsRPC;c:\windows\system32\drivers\MsRPC.sys --> c:\windows\system32\drivers\MsRPC.sys [?]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys --> c:\windows\system32\DRIVERS\MTConfig.sys [?]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys --> c:\windows\system32\DRIVERS\ndiscap.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys --> c:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys --> c:\windows\system32\DRIVERS\nfrd960.sys [?]
S3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys --> c:\windows\system32\drivers\nvstor.sys [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\SysWOW64\perfhost.exe [14/07/2009 00:11 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [14/07/2009 00:19 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [14/07/2009 00:19 20992]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys --> c:\windows\system32\DRIVERS\ql2300.sys [?]
S3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys --> c:\windows\system32\DRIVERS\ql40xx.sys [?]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys --> c:\windows\system32\DRIVERS\rdpbus.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys --> c:\windows\system32\DRIVERS\scfilter.sys [?]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14/07/2009 00:19 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys --> c:\windows\system32\drivers\sffp_mmc.sys [?]
S3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys --> c:\windows\system32\DRIVERS\sisraid4.sys [?]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys --> c:\windows\system32\DRIVERS\smb.sys [?]
S3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [02/04/2013 15:19 155824]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys --> c:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys --> c:\windows\system32\DRIVERS\stexstor.sys [?]
S3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
S3 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [14/07/2009 00:19 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [03/07/2011 14:49 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys --> c:\windows\system32\DRIVERS\tssecsrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys --> c:\windows\system32\drivers\tsusbflt.sys [?]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys --> c:\windows\system32\DRIVERS\tunnel.sys [?]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys --> c:\windows\system32\drivers\uliagpkx.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys --> c:\windows\system32\Drivers\usbaapl64.sys [?]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys --> c:\windows\system32\drivers\usbcir.sys [?]
S3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
S3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys --> c:\windows\system32\drivers\vhdmp.sys [?]
S3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys --> c:\windows\system32\DRIVERS\vsmraid.sys [?]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys --> c:\windows\system32\DRIVERS\wacompen.sys [?]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [14/07/2009 00:19 20992]
S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [14/07/2009 00:19 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [14/07/2009 00:19 20992]
S3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys --> c:\windows\system32\DRIVERS\wd.sys [?]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [14/07/2009 00:19 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [14/07/2009 00:19 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [14/07/2009 00:19 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [14/07/2009 00:17 19008]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [14/07/2009 00:19 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14/07/2009 00:19 20992]
S3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys --> c:\windows\system32\DRIVERS\wsvd.sys [?]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14/07/2009 00:19 20992]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
S4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14/07/2009 00:19 20992]
S4 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14/07/2009 00:19 20992]
S4 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [14/07/2009 00:19 20992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch	REG_MULTI_SZ   	Power PlugPlay DcomLaunch
wcssvc	REG_MULTI_SZ   	WcsPlugInService
IgrsSvcs	REG_MULTI_SZ   	ReadyComm.DirectRouter PS_MDP
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
LogonHours
PCAudit
helpsvc
uploadmgr
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
AeLookupSvc
Appinfo
BDESVC
BITS
Browser
EapHost
hkmsvc
IKEEXT
LanmanServer
MMCSS
ProfSvc
Schedule
seclogon
ShellHWDetection
Themes
wercplsupport
Winmgmt
wuauserv
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-07-14 01:14	278528	----a-w-	c:\windows\System32\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 12:34	1077576	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 14:52]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 10:10]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 10:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
.
.
------- File Associations -------
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)
HKLM-Explorer_Run-1619626931 - c:\progra~3\mspej.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM_ActiveSetup-{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - c:\program files (x86)\Windows Mail\WinMail.exe OCInstallUserConfigOE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-20 14:33
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\CMI-CreateHive{BD6FA63F-599C-4F99-99DE-A05742AA2377}\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,9f,6c,e1,40,25,8a,46,b4,d2,a3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,9f,6c,e1,40,25,8a,46,b4,d2,a3,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2014-05-20  14:44:30 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-20 13:44
.
Pre-Run: 339,520,761,856 bytes free
Post-Run: 339,466,334,208 bytes free
.
- - End Of File - - 7DBDB5C883FECF1FBCC01593E07013D7
A36C5E4F47E84449FF07ED3517B43A31


Code:
2014-02-22 20:44:41 853  [PROGRESS] ForceDirectory "C:\Users" exists,SetFileAttributes NORMAL
2014-02-22 20:44:41 853  [PROGRESS] ForceDirectory "C:\Users\Hughes" exists,SetFileAttributes NORMAL
2014-02-22 20:44:41 853  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData" exists,SetFileAttributes NORMAL
2014-02-22 20:44:41 853  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming" exists,SetFileAttributes NORMAL
2014-02-22 20:44:42 275  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit" exists,SetFileAttributes NORMAL
2014-02-22 20:44:42 275  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster" exists,SetFileAttributes NORMAL
2014-02-22 20:44:42 275  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster\Logs" exists,SetFileAttributes NORMAL
2014-02-22 20:45:02 690  [PROGRESS] ForceDirectory "C:\Users" exists,SetFileAttributes NORMAL
2014-02-22 20:45:02 690  [PROGRESS] ForceDirectory "C:\Users\Hughes" exists,SetFileAttributes NORMAL
2014-02-22 20:45:02 690  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData" exists,SetFileAttributes NORMAL
2014-02-22 20:45:02 690  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming" exists,SetFileAttributes NORMAL
2014-02-22 20:45:02 690  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit" exists,SetFileAttributes NORMAL
2014-02-22 20:45:02 690  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster" exists,SetFileAttributes NORMAL
2014-02-22 20:45:02 690  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster\Logs" exists,SetFileAttributes NORMAL
2014-04-10 16:09:57 187  [PROGRESS] ForceDirectory "C:\Users" exists,SetFileAttributes NORMAL
2014-04-10 16:09:57 187  [PROGRESS] ForceDirectory "C:\Users\Hughes" exists,SetFileAttributes NORMAL
2014-04-10 16:09:57 187  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData" exists,SetFileAttributes NORMAL
2014-04-10 16:09:57 187  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming" exists,SetFileAttributes NORMAL
2014-04-10 16:09:57 187  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit" exists,SetFileAttributes NORMAL
2014-04-10 16:09:57 187  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster" exists,SetFileAttributes NORMAL
2014-04-10 16:09:57 187  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster\Logs" exists,SetFileAttributes NORMAL
2014-04-10 16:10:46 998  [PROGRESS] ForceDirectory "C:\Users" exists,SetFileAttributes NORMAL
2014-04-10 16:10:46 998  [PROGRESS] ForceDirectory "C:\Users\Hughes" exists,SetFileAttributes NORMAL
2014-04-10 16:10:46 998  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData" exists,SetFileAttributes NORMAL
2014-04-10 16:10:46 998  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming" exists,SetFileAttributes NORMAL
2014-04-10 16:10:46 998  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit" exists,SetFileAttributes NORMAL
2014-04-10 16:10:46 998  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster" exists,SetFileAttributes NORMAL
2014-04-10 16:10:46 998  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster\Logs" exists,SetFileAttributes NORMAL
2014-05-09 18:28:17 860  [PROGRESS] ForceDirectory "C:\Users" exists,SetFileAttributes NORMAL
2014-05-09 18:28:17 860  [PROGRESS] ForceDirectory "C:\Users\Hughes" exists,SetFileAttributes NORMAL
2014-05-09 18:28:17 860  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData" exists,SetFileAttributes NORMAL
2014-05-09 18:28:17 860  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming" exists,SetFileAttributes NORMAL
2014-05-09 18:28:17 860  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit" exists,SetFileAttributes NORMAL
2014-05-09 18:28:17 860  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster" exists,SetFileAttributes NORMAL
2014-05-09 18:28:17 860  [PROGRESS] ForceDirectory "C:\Users\Hughes\AppData\Roaming\IObit\Driver Booster\Logs" exists,SetFileAttributes NORMAL
 
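The post above is a raw log dump, so the following triage script is an added example (not code from the post, from ComboFix, or from any other tool named in the log) that sorts the three ComboFix line shapes shown above into buckets: the "is missing!!" / "is infected!!" integrity lines, the Drivers/Services entries (a trailing "[dd/mm/yyyy hh:mm size]" means ComboFix read the file; "--> path [?]" means it could not), and the orphaned Run keys. The sample input is constructed from lines copied out of this post. One assumption is built in and labelled as such: the header says this was a 32-bit ComboFix ("- x86") and the catchme banner says the host is 64-bit ("WOW64"), and a 32-bit process sees c:\windows\system32 through WOW64 file system redirection, so the script keeps "missing" or "[?]" entries under system32 apart from those outside it rather than treating them all alike.

```python
"""Triage of a ComboFix log (added example; not code from the post or from ComboFix).

Buckets three line shapes ComboFix prints:
  * integrity lines   "<path> . . . is missing!!" / "is infected!!"
  * service entries   "S3 name;display;<cmd> [dd/mm/yyyy hh:mm size]"  (file was read)
                      "S3 name;display;<cmd> --> <cmd> [?]"            (file info unavailable)
  * orphan autostarts "HKLM-Explorer_Run-<value> - <target>"
Assumption (a reading of the header and catchme banner, not something ComboFix
states): a 32-bit ComboFix ("- x86") on a 64-bit host ("WOW64") sees
c:\\windows\\system32 through WOW64 file system redirection, so native files
there can report as missing/[?] while present. They are bucketed apart from
paths outside system32, which warrant a real check.
"""
import re
from dataclasses import dataclass, field

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
VERIFIED_RE = re.compile(r"^(?P<image>.+?)\s+\[\d{2}/\d{2}/\d{4} \d{2}:\d{2} \d+\]$")
UNVERIFIED_RE = re.compile(r"^(?P<image>.+?)\s+-->\s+(?P<target>.+?)\s+\[\?\]$")
INTEGRITY_RE = re.compile(r"^(?P<path>\S.*?) \. \. \. is (?P<verdict>missing|infected)!!$")
ORPHAN_RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)-(?:Explorer_)?Run-(?P<value>\S+) - (?P<target>.+)$")
NATIVE_RE = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)  # redirected for 32-bit processes
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)                     # service image in a temp directory


@dataclass
class Triage:
    combofix_x86: bool = False
    host_wow64: bool = False
    infected: list = field(default_factory=list)
    missing_native: list = field(default_factory=list)   # under system32: re-check from a 64-bit process
    missing_other: list = field(default_factory=list)
    services_verified: list = field(default_factory=list)
    services_unverified_native: list = field(default_factory=list)
    services_unverified_other: list = field(default_factory=list)
    services_temp_path: list = field(default_factory=list)
    orphan_run: list = field(default_factory=list)

    @property
    def redirection_suspected(self) -> bool:
        return self.combofix_x86 and self.host_wow64


def image_path(command: str) -> str:
    """Strip quoting and arguments from a service command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    cuts = [i for i in (command.find(" -"), command.find(" /")) if i > 0]
    return command[:min(cuts)] if cuts else command


def triage(lines) -> Triage:
    t = Triage(
        combofix_x86=any(ln.strip().endswith("- x86") for ln in lines),
        host_wow64=any("WOW64" in ln for ln in lines),
    )
    for raw in lines:
        ln = raw.strip()
        if m := INTEGRITY_RE.match(ln):
            if m["verdict"] == "infected":
                t.infected.append(m["path"])
            elif NATIVE_RE.match(m["path"]):
                t.missing_native.append(m["path"])
            else:
                t.missing_other.append(m["path"])
        elif m := ORPHAN_RUN_RE.match(ln):
            t.orphan_run.append((m["value"], m["target"]))
        elif m := SERVICE_RE.match(ln):
            if v := VERIFIED_RE.match(m["rest"]):
                t.services_verified.append((m["name"], image_path(v["image"])))
            elif u := UNVERIFIED_RE.match(m["rest"]):
                img = image_path(u["target"])
                if TEMP_RE.search(img):
                    t.services_temp_path.append((m["name"], img))
                elif NATIVE_RE.match(img):
                    t.services_unverified_native.append((m["name"], img))
                else:
                    t.services_unverified_other.append((m["name"], img))
    return t


# Constructed sample: lines copied from the log in this post.
SAMPLE_LOG = r"""
ComboFix 14-05-10.01 - Hughes 20/05/2014  13:50:03.2.4 - x86
c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
c:\windows\System32\dllhost.exe . . . is infected!!
c:\windows\system32\drivers\tcpip.sys . . . is missing!!
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys --> c:\windows\system32\DRIVERS\mrxsmb20.sys [?]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [14/07/2009 00:19 20992]
S2 0200211400511884mcinstcleanup;McAfee Application Installer Cleanup (0200211400511884);c:\windows\TEMP\020021~1.EXE -cleanup -nolog --> c:\windows\TEMP\020021~1.EXE -cleanup -nolog [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [25/11/2013 11:20 328928]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
HKLM-Explorer_Run-1619626931 - c:\progra~3\mspej.exe
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
""".strip().splitlines()

if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print("WOW64 redirection suspected:", t.redirection_suspected)
    for bucket in ("infected", "services_temp_path", "orphan_run", "missing_native"):
        print(bucket, getattr(t, bucket))
```

Run it on the saved ComboFix.txt with `triage(open(path, errors="replace").read().splitlines())`. The buckets to look at first are `infected`, `services_temp_path` and `orphan_run` (in this log: dllhost.exe, the cleanup stub registered as a service out of c:\windows\TEMP, and the Run entry pointing at c:\progra~3\mspej.exe). Anything in `missing_native` should be re-checked from a 64-bit process before it is treated as a real deletion: a 64-bit PowerShell or cmd sees the real System32, a 32-bit one can reach it through the `%windir%\Sysnative` alias, and `sfc /scannow` verifies protected system files against the component store.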