Well, let me explain first. I got a Microsoft Security Essentials message come up saying potentially harmful or unwanted material has been detected, cleaning system, no action required. After it cleaned the file, every time I started up the computer it would say the same thing, and I noticed I could not access the guest account and my browser loaded slow, so I downloaded Malwarebytes and ran it. After quarantine and deletion of the files it kept finding the same thing with every scan.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.07.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ghost :: GHOST-PC [administrator]
Protection: Disabled
6/7/2012 9:36:03 PM
mbam-log-2012-06-07 (21-36-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222461
Time elapsed: 3 minute(s), 5 second(s)
Memory Processes Detected: 1
C:\Users\Guest\Documents\DCSCMIN\IMDCSC.exe (Backdoor.Agent.DC) -> 4544 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Skila (Backdoor.Agent.DC) -> Data: C:\Users\ghost\Documents\DCSCMIN\IMDCSC.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\ghost\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
Files Detected: 7
C:\Users\ghost\AppData\Local\Temp\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\ghost\AppData\Roaming\dclogs\2012-06-03-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\ghost\AppData\Roaming\dclogs\2012-06-04-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\ghost\AppData\Roaming\dclogs\2012-06-05-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\dclogs\2012-06-07-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\ghost\Documents\DCSCMIN\IMDCSC.exe (Backdoor.Agent.DC) -> Quarantined and deleted successfully.
C:\Users\Guest\Documents\DCSCMIN\IMDCSC.exe (Backdoor.Agent.DC) -> Quarantined and deleted successfully.
(end)

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.0
Run by ghost at 1:34:36 on 2012-06-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6318 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\rundll32.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files (x86)\Lenovo\PlayMovie\PMVService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\explorer.exe
C:\windows\splwow64.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109928 ... def1885671
uDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyServer = http=;ftp=;https=;
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
uRun: [Skila] C:\Users\ghost\Documents\DCSCMIN\IMDCSC.exe
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [PlayMovie] "C:\Program Files (x86)\Lenovo\PlayMovie\PMVService.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\ghost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\ghost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\0596E6B644F6C6078696E6D27657563747 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\0596E6B644F6C6078696E6D27657563747 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\2343D273024527166756C6023547F62756 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\2343D273024527166756C6023547F62756 : DhcpNameServer = 192.168.1.3 24.225.5.2 24.225.0.1
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\355707562783 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\355707562783 : DhcpNameServer = 50.57.99.138 66.180.96.12
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\C4574716 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\C4574716 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun-x64: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Lenovo\PlayMovie\PMVService.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ghost\AppData\Roaming\Mozilla\Firefox\Profiles\3ogqljg1.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109928 ... 1885671&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109928&tt=100512_3_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 78790f23000000000000f0def1885671
FF - user.js: extensions.BabylonToolbar_i.hardId - 78790f23000000000000f0def1885671
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15474
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:42:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2012/05/13 20:49:28];C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl [2012-5-13 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-7 654408]
R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-9-30 311296]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2012-5-13 69568]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-13 2655768]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-13 257696]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-15 38152]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2012-5-13 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2012-5-13 575304]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\system32\DRIVERS\ssadserd.sys --> C:\windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-06-08 04:01:18 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1CEB8208-15A0-46D4-BB1E-DDDFEC644472}\offreg.dll
2012-06-08 02:46:47 -------- d-----w- C:\Program Files\CCleaner
2012-06-08 02:17:59 -------- d-----w- C:\Users\ghost\AppData\Roaming\dclogs
2012-06-08 01:35:58 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1CEB8208-15A0-46D4-BB1E-DDDFEC644472}\mpengine.dll
2012-06-08 01:34:34 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-08 01:34:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 01:25:25 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-05 18:17:38 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-05 18:17:15 772552 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-06-05 18:17:15 687560 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-06-03 22:37:55 500552 ----a-w- C:\windows\System32\EasyRedirect64.dll
2012-06-03 22:37:55 360264 ----a-w- C:\windows\SysWow64\EasyRedirect.dll
2012-06-03 20:29:02 660480 ----a-w- C:\Users\ghost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe
2012-06-03 20:28:26 -------- d-----w- C:\Users\ghost\AppData\Roaming\C__Users_ghost_Documents_Vuze Downloads_SuperHideIP-3.2.1.6_Crack.exe
2012-06-03 20:28:26 -------- d-----w- C:\ProgramData\C__Users_ghost_Documents_Vuze Downloads_SuperHideIP-3.2.1.6_Crack.exe
2012-06-03 19:07:19 -------- d-----w- C:\Users\ghost\AppData\Roaming\Malwarebytes
2012-06-03 19:06:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-27 17:34:22 -------- d-----w- C:\Users\ghost\AppData\Local\Diagnostics
2012-05-21 18:41:12 -------- d-----w- C:\Users\ghost\AppData\Local\Apple Computer
2012-05-21 18:40:31 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-05-21 18:40:31 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-05-21 18:40:31 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-05-21 18:39:43 -------- d-----w- C:\Program Files\iPod
2012-05-21 18:39:42 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-21 18:39:42 -------- d-----w- C:\Program Files\iTunes
2012-05-21 18:39:42 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-21 18:39:08 -------- d-----w- C:\Users\ghost\AppData\Local\Apple
2012-05-21 18:38:42 -------- d-----w- C:\Program Files\Bonjour
2012-05-21 18:38:42 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-18 16:37:37 708168 ----a-w- C:\windows\System32\WinUSBCoInstaller.dll
2012-05-18 16:37:37 157160 ----a-w- C:\windows\System32\drivers\ssadbus.sys
2012-05-18 16:37:37 15360 ----a-w- C:\windows\System32\drivers\pneteth.sys
2012-05-18 16:37:37 1490656 ----a-w- C:\windows\System32\WdfCoInstaller01007.dll
2012-05-18 16:37:37 13800 ----a-w- C:\windows\System32\drivers\ssadwhnt.sys
2012-05-18 16:37:37 13800 ----a-w- C:\windows\System32\drivers\ssadwh.sys
2012-05-18 16:37:36 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
2012-05-18 12:15:55 -------- d-----w- C:\Users\ghost\AppData\Local\Adobe
2012-05-18 12:10:03 446258 ----a-w- C:\windows\AutoKMS.exe
2012-05-18 12:07:05 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-18 12:06:44 -------- d-----w- C:\windows\PCHEALTH
2012-05-18 12:06:44 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-18 12:05:07 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-18 12:04:26 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-05-18 12:04:09 -------- d-----w- C:\Users\ghost\AppData\Local\Microsoft Help
2012-05-17 15:30:24 295936 ----a-w- C:\windows\SysWow64\appmgr.dll
2012-05-17 15:30:24 -------- d-----w- C:\windows\SysWow64\GPBAK
2012-05-17 14:59:36 369152 ----a-w- C:\windows\System32\hpbrprtmon.dll
2012-05-17 14:59:36 207872 ----a-w- C:\windows\System32\hpbprtmon.dll
2012-05-17 14:59:36 167424 ----a-w- C:\windows\System32\hpbprtmonui.dll
2012-05-17 14:59:33 1654784 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpbfpp1101.dll
2012-05-17 14:58:20 -------- d-----w- C:\ePrint Mobil
2012-05-17 14:58:02 750440 ------w- C:\windows\System32\HPDiscoPM8e11.dll
2012-05-17 14:57:49 -------- d-----w- C:\Program Files (x86)\HP
2012-05-17 14:57:47 -------- d-----w- C:\Program Files\HP
2012-05-17 14:57:39 -------- d-----w- C:\Users\ghost\AppData\Local\HP
2012-05-17 03:08:13 -------- d-----w- C:\windows\SysWow64\sda
2012-05-17 03:07:56 9888360 ----a-w- C:\windows\SysWow64\RtsUVStoricon.dll
2012-05-17 03:07:56 307304 ----a-w- C:\windows\System32\drivers\rtsuvstor.sys
2012-05-17 03:07:56 17512 ----a-w- C:\windows\System32\drivers\diskperf64.sys
2012-05-17 02:59:01 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-17 02:59:01 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-17 02:59:01 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-17 02:59:01 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-17 02:59:01 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-17 02:59:01 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-17 02:59:01 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-17 00:27:07 -------- d-----w- C:\Users\ghost\AppData\Roaming\OpenCandy
2012-05-17 00:26:51 -------- d-----w- C:\Users\ghost\AppData\Roaming\DVDVideoSoftIEHelpers
2012-05-17 00:26:49 2557952 ----a-w- C:\windows\SysWow64\QtCore4.dll
2012-05-17 00:26:46 405176 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-17 00:26:40 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2012-05-17 00:26:40 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2012-05-17 00:25:57 -------- d-----w- C:\Users\ghost\AppData\Roaming\DVDVideoSoft
2012-05-17 00:05:29 -------- d-----w- C:\Users\ghost\AppData\Roaming\SplitScreen
2012-05-16 15:22:58 1251944 ----a-w- C:\windows\RtlExUpd.dll
2012-05-16 15:22:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-05-14 20:34:51 -------- d-----w- C:\Users\ghost\AppData\Local\CyberLink
2012-05-14 19:38:06 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-05-14 19:38:06 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-05-14 18:54:00 -------- d-----w- C:\windows\System32\SPReview
2012-05-14 18:53:39 -------- d-----w- C:\windows\System32\EventProviders
2012-05-14 18:41:59 762880 ----a-w- C:\windows\SysWow64\azroles.dll
2012-05-14 18:40:59 978944 ----a-w- C:\windows\System32\WMSPDMOD.DLL
2012-05-14 18:12:44 2565632 ----a-w- C:\windows\System32\esent.dll
2012-05-14 18:12:44 1699328 ----a-w- C:\windows\SysWow64\esent.dll
2012-05-14 18:12:44 1659776 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-05-14 18:12:43 96768 ----a-w- C:\windows\System32\fsutil.exe
2012-05-14 18:12:43 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2012-05-14 18:12:43 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2012-05-14 18:12:43 189824 ----a-w- C:\windows\System32\drivers\storport.sys
2012-05-14 18:12:43 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2012-05-14 18:12:43 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2012-05-14 18:12:43 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2012-05-14 18:12:42 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2012-05-14 18:11:36 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2012-05-14 18:11:36 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2012-05-14 18:11:35 98816 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2012-05-14 18:11:35 7936 ----a-w- C:\windows\System32\drivers\usbd.sys
2012-05-14 18:11:35 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2012-05-14 18:11:35 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2012-05-14 18:11:35 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2012-05-14 18:11:32 80384 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
2012-05-14 18:11:32 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-05-14 18:11:32 229376 ----a-w- C:\windows\System32\fsquirt.exe
2012-05-14 04:39:36 57952 ----a-w- C:\windows\System32\drivers\fbfmon.sys
2012-05-14 04:39:36 44896 ----a-w- C:\windows\System32\FbDefrag.exe
2012-05-14 04:39:36 23120 ----a-w- C:\windows\System32\drivers\BootVid.dll
2012-05-14 04:39:36 15968 ----a-w- C:\windows\System32\NFbfmon.dll
2012-05-14 04:39:36 13408 ----a-w- C:\windows\System32\drivers\BPntDrv.sys
2012-05-14 04:32:53 -------- d-----w- C:\Users\ghost\AppData\Roaming\Lenovo
2012-05-14 03:59:25 -------- d-----w- C:\Program Files\Intel Corporation
2012-05-14 03:57:55 468480 ----a-w- C:\windows\System32\deployJava1.dll
2012-05-14 03:54:36 -------- d-----w- C:\ProgramData\boost_interprocess
2012-05-14 03:54:08 -------- d-----r- C:\Program Files (x86)\Skype
2012-05-14 03:40:43 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-05-14 03:32:35 -------- d-----w- C:\windows\SysWow64\Wat
2012-05-14 03:32:34 -------- d-----w- C:\windows\System32\Wat
2012-05-14 03:31:27 902656 ----a-w- C:\windows\System32\d2d1.dll
2012-05-14 03:31:27 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2012-05-14 03:31:27 1139200 ----a-w- C:\windows\System32\FntCache.dll
2012-05-14 03:15:31 -------- d-----w- C:\Users\ghost\.swt
2012-05-14 03:15:30 -------- d-----w- C:\Users\ghost\AppData\Roaming\Azureus
2012-05-14 03:14:20 -------- d-----w- C:\Program Files (x86)\Vuze
2012-05-14 03:04:08 -------- d-----w- C:\windows\SysWow64\Adobe
2012-05-14 03:02:59 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 03:02:59 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-14 02:42:10 -------- d-----w- C:\Program Files (x86)\Essentials Codec Pack
2012-05-14 02:41:51 -------- d-----w- C:\Users\ghost\AppData\Local\Babylon
2012-05-14 02:41:49 -------- d-----w- C:\Users\ghost\AppData\Roaming\Babylon
2012-05-14 02:41:49 -------- d-----w- C:\ProgramData\Babylon
2012-05-14 02:26:29 -------- d-----w- C:\Program Files (x86)\RocketDock
2012-05-14 02:16:35 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-05-14 02:16:35 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-05-14 02:16:35 5120 ----a-w- C:\windows\System32\wmi.dll
2012-05-14 02:16:35 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-05-14 02:16:35 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-05-14 02:16:35 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-05-14 02:16:35 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-05-14 02:09:08 961024 ----a-w- C:\windows\System32\CPFilters.dll
2012-05-14 02:09:07 850944 ----a-w- C:\windows\SysWow64\sbe.dll
2012-05-14 02:09:07 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2012-05-14 02:09:07 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2012-05-14 02:09:07 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2012-05-14 02:09:07 1118720 ----a-w- C:\windows\System32\sbe.dll
2012-05-14 02:07:59 212992 ----a-w- C:\windows\System32\odbctrac.dll
2012-05-14 02:06:44 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2012-05-14 02:03:49 421888 ----a-w- C:\windows\System32\KernelBase.dll
2012-05-14 02:02:42 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-05-14 02:02:42 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-05-14 02:00:08 -------- d-----w- C:\Program Files\Common Files\Intel
2012-05-14 02:00:07 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-05-14 01:57:50 -------- d-----w- C:\Program Files\Synaptics
2012-05-14 01:57:33 -------- d-----w- C:\Drivers
2012-05-14 01:43:22 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E569D58A-9F92-4299-9005-FE498005F6A0}\gapaengine.dll
2012-05-14 01:42:43 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-14 01:36:07 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-14 01:36:05 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-14 01:23:57 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-05-14 01:23:55 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-05-14 01:23:55 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-05-14 01:23:55 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-05-14 01:23:54 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-05-14 01:22:46 -------- d-----w- C:\Users\ghost\AppData\Local\PlayMovie
2012-05-13 20:50:36 -------- d-----w- C:\windows\sysprep32
2012-05-13 20:47:50 79376 ----a-w- C:\windows\System32\drivers\WDBridge.sys
2012-05-13 20:47:50 22344 ----a-w- C:\windows\System32\WDMirror.dll
2012-05-13 20:47:50 11280 ----a-w- C:\windows\System32\drivers\WDMirror.sys
2012-05-13 20:47:48 16648 ----a-r- C:\windows\SysWow64\LogAPI.dll
2012-05-13 20:47:02 509224 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-05-13 20:47:02 353576 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-05-13 20:47:02 1066280 ----a-w- C:\windows\SysWow64\mfc71.dll
2012-05-13 20:46:53 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-05-13 20:46:53 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-05-13 20:46:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-05-13 20:46:53 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-05-13 20:46:53 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-05-13 20:46:26 -------- d-----w- C:\ProgramData\Lenovo
2012-05-13 20:45:15 39008 ----a-w- C:\windows\System32\drivers\LhdX64.sys
2012-05-13 20:45:13 28176 ----a-w- C:\windows\System32\drivers\AcpiVpc.sys
2012-05-13 20:43:35 279968 ----a-w- C:\windows\System32\LenovoSdk.OKTDLL.dll
2012-05-13 20:35:55 -------- d-----w- C:\Program Files\Desktop
2012-05-13 20:35:54 136704 ----a-w- C:\windows\System32\LenovoRecycleIcon.dll
2012-05-13 20:35:51 -------- d-----w- C:\Temp
2012-05-13 20:35:51 -------- d-----w- C:\Program Files\Lenovo
2012-05-13 20:34:52 8192 ----a-w- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
2012-05-13 20:34:52 8192 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll
2012-05-13 20:34:49 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-05-13 20:30:46 -------- d-----w- C:\Program Files (x86)\Lenovo
2012-05-13 20:30:41 -------- d-sh--w- C:\windows\Installer
2012-05-13 20:28:20 -------- d-----w- C:\Intel
2012-05-13 20:28:19 438808 ----a-w- C:\windows\System32\drivers\iaStor.sys
2012-05-13 20:26:49 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
2012-05-13 20:26:06 488 ----a-w- C:\windows\s.bat
.
==================== Find3M ====================
.
2012-05-14 19:11:24 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-05-14 19:11:24 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-21 00:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-03-20 03:44:20 5888792 ----a-w- C:\windows\System32\GfxUI.exe
2012-03-20 03:44:20 509720 ----a-w- C:\windows\System32\igfxsrvc.exe
2012-03-20 03:44:20 439064 ----a-w- C:\windows\System32\igfxpers.exe
2012-03-20 03:44:20 398616 ----a-w- C:\windows\System32\hkcmd.exe
2012-03-20 03:44:20 276248 ----a-w- C:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-20 03:44:20 250136 ----a-w- C:\windows\System32\igfxext.exe
2012-03-20 03:44:20 184600 ----a-w- C:\windows\System32\difx64.exe
2012-03-20 03:44:20 170264 ----a-w- C:\windows\System32\igfxtray.exe
2012-03-20 03:42:08 90112 ----a-w- C:\windows\System32\igfxCoIn_v2696.dll
2012-03-20 03:32:04 14745600 ----a-w- C:\windows\System32\drivers\igdkmd64.sys
2012-03-20 03:31:56 8087040 ----a-w- C:\windows\System32\igdumd64.dll
2012-03-20 03:31:16 963912 ----a-w- C:\windows\SysWow64\igkrng600.bin
2012-03-20 03:31:16 963912 ----a-w- C:\windows\System32\igkrng600.bin
2012-03-20 03:31:16 261208 ----a-w- C:\windows\SysWow64\igfcg600m.bin
2012-03-20 03:31:16 261208 ----a-w- C:\windows\System32\igfcg600m.bin
2012-03-20 03:31:14 79360 ----a-w- C:\windows\System32\igdde64.dll
2012-03-20 03:26:56 6120960 ----a-w- C:\windows\SysWow64\igdumd32.dll
2012-03-20 03:25:58 58880 ----a-w- C:\windows\SysWow64\igdde32.dll
2012-03-20 03:22:10 9605632 ----a-w- C:\windows\System32\igd10umd64.dll
2012-03-20 03:11:38 7795200 ----a-w- C:\windows\SysWow64\igd10umd32.dll
2012-03-20 02:31:14 18137088 ----a-w- C:\windows\System32\ig4icd64.dll
2012-03-20 02:21:14 13212672 ----a-w- C:\windows\SysWow64\ig4icd32.dll
2012-03-20 02:17:56 28672 ----a-w- C:\windows\System32\igfxexps.dll
2012-03-20 02:17:46 63488 ----a-w- C:\windows\System32\igfxsrvc.dll
2012-03-20 02:17:22 110592 ----a-w- C:\windows\System32\hccutils.dll
2012-03-20 02:17:14 9216 ----a-w- C:\windows\System32\IGFXDEVLib.dll
2012-03-20 02:17:14 434688 ----a-w- C:\windows\System32\igfxdev.dll
2012-03-20 02:17:14 172032 ----a-w- C:\windows\System32\gfxSrvc.dll
2012-03-20 02:16:40 286208 ----a-w- C:\windows\System32\igfxrenu.lrc
2012-03-20 02:16:38 142336 ----a-w- C:\windows\System32\igfxdo.dll
2012-03-20 02:16:36 9007616 ----a-w- C:\windows\System32\igfxress.dll
2012-03-20 02:12:06 25088 ----a-w- C:\windows\SysWow64\igfxexps32.dll
2012-03-20 02:11:22 325120 ----a-w- C:\windows\SysWow64\igfxdv32.dll
2012-03-20 02:09:08 524800 ----a-w- C:\windows\System32\iglhsip64.dll
2012-03-20 02:09:08 519680 ----a-w- C:\windows\SysWow64\iglhsip32.dll
2012-03-20 02:09:08 2967040 ----a-w- C:\windows\System32\igfxcmjit64.dll
2012-03-20 02:09:08 237056 ----a-w- C:\windows\SysWow64\igfxcmrt32.dll
2012-03-20 02:09:08 2321408 ----a-w- C:\windows\SysWow64\igfxcmjit32.dll
2012-03-20 02:09:08 213504 ----a-w- C:\windows\System32\iglhcp64.dll
2012-03-20 02:09:08 193024 ----a-w- C:\windows\System32\igfxcmrt64.dll
2012-03-20 02:09:08 177152 ----a-w- C:\windows\SysWow64\iglhcp32.dll
2012-03-17 07:58:57 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
.
============= FINISH: 1:35:05.27 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2012 9:21:29 PM
System Uptime: 6/7/2012 11:59:29 PM (2 hours ago)
.
Motherboard: LENOVO | | Emerald Lake
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 655 GiB total, 603.782 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 27.566 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP28: 6/1/2012 1:47:12 AM - Windows Update
RP29: 6/4/2012 3:04:18 PM - Windows Update
RP30: 6/5/2012 10:01:40 AM - Windows Update
RP31: 6/5/2012 2:16:36 PM - Installed Java(TM) 7 Update 4
RP32: 6/5/2012 2:17:18 PM - Installed JavaFX 2.1.0
RP33: 6/7/2012 9:23:00 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
AviSynth 2.5
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Energy Management
ffdshow [rev 2583] [2009-01-05]
Free Video to MP3 Converter version 5.0.11.508
Free YouTube to MP3 Converter version 3.11.22.508
Haali Media Splitter
HP ePrint Mobile
HP Photosmart Plus B210 series Help
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java(TM) 7 Update 4
JMicron Flash Media Controller Driver
Lenovo DirectShare
Lenovo Games Console
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Lenovo SlideNav
Lenovo SplitScreen
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Onekey Theater
Play Movie
Power2Go
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
Sothink Movie DVD Maker
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Essentials Media Codec Pack 4.0 [64-Bit]
.
==== Event Viewer Messages From Past Week ========
.
6/8/2012 12:01:58 AM, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.
6/7/2012 9:26:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user ghost-PC\Guest SID (S-1-5-21-3892480797-2785981906-2625351531-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/7/2012 9:25:25 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.127.1325.0;1.127.1325.0 Engine version: 1.1.8403.0
6/5/2012 2:01:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
6/1/2012 8:07:02 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
6/1/2012 8:04:06 AM, Error: Microsoft Antimalware [1005] - Microsoft Antimalware scan has encountered an error and terminated. Scan ID: {97E16A85-115E-4F2D-A7F9-E6812190F764} Scan Type: Antimalware Scan Parameters: Custom Scan User: ghost-PC\ghost Error Code: 0x80508023 Error description: The program could not find the malware and other potentially unwanted software on this computer.
6/1/2012 8:03:47 AM, Error: Microsoft Antimalware [1005] - Microsoft Antimalware scan has encountered an error and terminated. Scan ID: {7889F855-3A45-439A-A726-6614B032DB21} Scan Type: Antimalware Scan Parameters: Custom Scan User: ghost-PC\ghost Error Code: 0x80508023 Error description: The program could not find the malware and other potentially unwanted software on this computer.
.
==== End Of File ===========================