ClickGiftLoad



AngryHatter
2011-05-04, 07:32
History:
Yesterday (Monday 5/2) while working I got a BSOD.
When I rebooted, I saw MSE reacting to something... "scanning" and then another BSOD.

Rebooting again, I finally hit Esc fast enough to stop the scan and saw the name, "Alureon." After googling it, I downloaded TDSSKiller from Kaspersky's site. That program froze at 80% initialized.

I got Spybot to run and it detected ClickGiftLoad. I clicked to remove.
After a reboot, Spybot will again detect it.

The only symptoms I am aware of are not being able to update Windows files through the service - I can and have updated manually. Also the internal layout of folders looks different.

I use I.E. only for work purposes and had no trouble that I am aware of.
Registry is backed up as per instructions.

Thank you in advance for your time, I do appreciate the help.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Test at 22:08:31.93 on Tue 05/03/2011
Internet Explorer: 9.0.8112.16421
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Users\Test\Desktop\AAAA\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hp-laptop.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R? Amazon Download Agent;Amazon Download Agent
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? Com4QLBEx;Com4QLBEx
R? EASEUS Agent;EASEUS Agent
R? GPWADrv;Service for L6 GuitarPort Driver (WDM)
R? JmtFltr;n52te
R? L6DP;L6DP
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? MpKsl192f0e0a;MpKsl192f0e0a
R? MpKsl68dcf48d;MpKsl68dcf48d
R? MpKsl851cdb6f;MpKsl851cdb6f
R? MpKslfa0b0224;MpKslfa0b0224
R? MpNWMon;Microsoft Malware Protection Network Driver
R? osppsvc;Office Software Protection Platform
R? SplashtopRemoteService;Splashtopr Remote Service
R? SROMwtDrv_USB_Vid_05ca_Pid_1870;Driver for SROM Writer(USB_Vid_05ca_Pid_1870)
R? SSUService;Splashtop Software Updater Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? EUBAKUP;EUBAKUP
S? EUBKMON;EUBKMON
S? EUDISK;EASEUS Disk Enumerator
S? EUDSKACS;EUDSKACS
S? EUFS;EUFS
S? FontCache;Windows Font Cache Service
S? HWiNFO32;HWiNFO32 Kernel Driver
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl10cb483c;MpKsl10cb483c
S? NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? RVIEGVST;VSC VST Engine
.
=============== Created Last 30 ================
.
2066-10-07 21:07:50 307200 ------w- c:\program files\microsoft games\combat flight simulator 3\backup\cfsres.A485.dll
2011-05-04 04:42:41 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0ae8bb46-1540-4eaf-9b20-2fb4bc6ecf96}\MpKsl10cb483c.sys
2011-05-03 06:17:58 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{111c75ba-85eb-4fd9-89d3-bad792ff291d}\mpengine.dll
2011-05-03 03:59:01 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-03 01:26:35 7071056 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0ae8bb46-1540-4eaf-9b20-2fb4bc6ecf96}\mpengine.dll
2011-05-03 01:17:35 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{de10bcbb-1362-4671-8cab-5ddfd5c1a888}\gapaengine.dll
2011-05-03 00:48:47 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-03 00:24:47 188808 ----a-w- c:\windows\system32\drivers\eudisk.sys
2011-05-03 00:24:45 21896 ----a-w- c:\windows\system32\drivers\eufs.sys
2011-05-03 00:24:43 15240 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-05-03 00:24:42 31112 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-05-03 00:24:39 37256 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-05-03 00:24:21 18824 ----a-w- c:\windows\system32\fbnative.exe
2011-05-03 00:24:05 -------- d-----w- c:\program files\EASEUS
2011-05-02 21:56:54 72185736 ----a-w- c:\users\test\tb_home.exe
2011-05-02 17:01:10 972992 ----a-w- c:\users\test\diskcheckup.exe
2011-05-02 15:44:23 -------- d-----w- c:\progra~2\mL02400JgJmN02400
2011-04-27 05:43:15 529871 ----a-w- c:\users\test\tribunal_v1.4.1313.exe
2011-04-27 05:02:00 435586 ----a-w- c:\users\test\Bloodmoon_v1.6.1820.exe
2011-04-25 05:03:17 -------- d-----w- c:\program files\KaDonk
2011-04-25 03:54:22 -------- d-----w- c:\progra~2\Splashtop
2011-04-25 03:52:49 -------- d-----w- c:\program files\Splashtop
2011-04-25 03:51:18 -------- d-----w- c:\program files\Downloaded Installations
2011-04-25 03:50:52 11696328 ----a-w- c:\users\test\SplashtopRemote_Win_v1.3.5.4.EXE
2011-04-19 05:03:44 -------- d-----w- c:\program files\3000AD
2011-04-16 00:58:27 -------- d-----w- c:\program files\SlySoft
2011-04-14 10:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-03-07 17:06:09 559424 ----a-w- c:\users\test\flux-setup.exe
2011-03-04 19:44:14 133616 ------w- c:\windows\system32\PxAFS.DLL
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-20 10:30:42 19267584 ----a-w- c:\users\test\q2-3.20-x86-full-ctf.exe
2011-02-04 04:01:13 29449725 ----a-w- c:\users\test\q3pointrelease_132.exe
.
============= FINISH: 22:10:13.80 ===============

shelf life
2011-05-13, 21:20
hi AngryHatter,

Your log is a few days old. If you still need help, please rerun DDS and post a new log.

AngryHatter
2011-05-16, 23:47
I am clean, but I thank you.
The number of requests looked huge, so I really appreciate the help.

shelf life
2011-05-17, 22:58
hi,

"I am clean" - Ok, so it's all good on your end now?