Reposted properly - Cool remote installed, can't uninstall.



joekenorer
2013-11-13, 14:10
I recently downloaded an app called Cool remote on my WP8 phone, and then downloaded the respective server file on my PC, with the intention of controlling my PC via my phone. It wasn't until I decided that I didn't like it that I realized I couldn't find its uninstall or files on my PC. It then occurred to me that I had likely just opened my PC up to RAT access. Please help me secure and eliminate this problem and I will DEFINITELY donate to SpyBot:S&D development, as I've been using it for a while anyway. Thanks for any and all help. Here's a link to the download site that I got the PC side program from:

http: // coolremote.wordpress.com/download/ Edit- Disabled link

Here's my dds log and zip:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Mike at 21:23:29 on 2013-11-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8141.5816 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.techadvanced.com
uDefault_Page_URL = hxxp://www.techadvanced.com
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://battlelog.battlefield.com/bf3/sso/Ciyvab0tregdVsBtboIpeChe4G6uzC1v5_-SIxmvSLKYPx36ricFuzmuHs-W1svSz3_RHDOMoi3nJiNT68942tgeUr2x0p0yPFWJM9yWvVZm-18tjiEqqBGf4sattPjJQEQrWXzMK3A4OzTSrC9RpA..
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{DC0A90B1-AA2C-4D67-A605-DD3B3153F037} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\iw7bi6ul.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-27 05:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\iw7bi6ul.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-10-27 05:57; jid1-AusxzKACE9lLYQ@jetpack; C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\iw7bi6ul.default\extensions\jid1-AusxzKACE9lLYQ@jetpack.xpi
FF - ExtSQL: 2013-10-27 05:59; sumeetkpatel@gmail.com; C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\iw7bi6ul.default\extensions\sumeetkpatel@gmail.com.xpi
FF - ExtSQL: 2013-10-27 06:38; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\iw7bi6ul.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-10-27 06:39; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\iw7bi6ul.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
FF - ExtSQL: 2013-10-27 06:39; jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack; C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\iw7bi6ul.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-13 652344]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-13 28216]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-13 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-13 14904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-3-13 129824]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-20 182088]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-3-13 166688]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-13 365344]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-13 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-13 791608]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-7-24 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-4-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-3-13 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-11 111616]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2013-2-1 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2013-2-1 42192]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\Windows\System32\drivers\KORGUM64.SYS [2013-5-31 34136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-13 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-3-13 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-13 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-12 03:08:50 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30A39B2C-2864-4205-9CD5-28CFAB13C9D0}\mpengine.dll
2013-11-11 10:11:22 -------- d-----r- C:\Users\Mike\Podcasts
2013-11-11 10:11:14 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR
2013-11-11 10:11:12 -------- d-----w- C:\Windows\System32\drivers\UMDF\ms-MY
2013-11-11 10:11:10 -------- d-----w- C:\Windows\System32\drivers\UMDF\id-ID
2013-11-11 10:11:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\sv-SE
2013-11-11 10:11:08 -------- d-----w- C:\Windows\System32\drivers\UMDF\nb-NO
2013-11-11 10:11:07 -------- d-----w- C:\Windows\System32\drivers\UMDF\hu-HU
2013-11-11 10:11:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI
2013-11-11 10:11:05 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR
2013-11-11 10:11:04 -------- d-----w- C:\Windows\System32\drivers\UMDF\da-DK
2013-11-11 10:11:03 -------- d-----w- C:\Windows\System32\drivers\UMDF\cs-CZ
2013-11-11 10:11:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-TW
2013-11-11 10:11:00 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
2013-11-11 10:10:59 -------- d-----w- C:\Windows\System32\drivers\UMDF\pl-PL
2013-11-11 10:10:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN
2013-11-11 10:10:57 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2013-11-11 10:10:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2013-11-11 10:10:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2013-11-11 10:10:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2013-11-11 10:10:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2013-11-11 10:10:51 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2013-11-11 10:10:50 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2013-11-11 10:10:49 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2013-11-11 08:07:11 -------- d-----w- C:\Users\Mike\AppData\Local\{813682E0-7746-4E8D-8392-27E78AAAD039}
2013-11-11 05:17:56 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-07 03:26:32 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB49498F-6022-41F3-8584-99426A53A86B}\gapaengine.dll
2013-11-05 06:29:36 -------- d-----w- C:\Users\Mike\AppData\Roaming\PC Remote
2013-11-05 06:29:26 -------- d-----w- C:\Program Files (x86)\PC Remote
2013-11-05 03:40:16 -------- d-----w- C:\Program Files (x86)\Windows Phone
2013-11-05 03:34:54 -------- d-----w- C:\ProgramData\Applications
2013-10-29 10:12:40 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2013-10-29 10:12:40 -------- d-----w- C:\Program Files (x86)\CodeSourcery
2013-10-29 10:12:02 -------- d--h--w- C:\Users\Mike\InstallAnywhere
2013-10-29 10:09:21 -------- d-----w- C:\Users\Mike\.Nokia
2013-10-29 10:07:27 -------- d-----w- C:\Program Files (x86)\Common Files\Symbian
2013-10-29 10:04:34 -------- d-----w- C:\Nokia
2013-10-29 10:00:08 -------- d-----w- C:\Perl
2013-10-27 11:29:46 -------- d-----w- C:\ProgramData\Oracle
2013-10-27 11:28:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-27 10:52:52 -------- d-----w- C:\Users\Mike\AppData\Local\Macromedia
2013-10-23 09:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-20 11:27:52 -------- d-----w- C:\Users\Mike\AppData\Local\{8E00EC5D-29F6-43BD-9730-D9EA2338101F}
2013-10-19 03:39:20 -------- d-----w- C:\Program Files (x86)\MacroRecorder
2013-10-18 09:33:20 -------- d-----w- C:\Users\Mike\AppData\Local\Diagnostics
2013-10-18 08:50:32 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-18 08:50:32 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-18 08:50:32 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-18 08:50:32 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-18 08:50:31 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-18 08:50:31 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-18 08:50:31 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
.
==================== Find3M ====================
.
2013-10-27 15:12:52 18286416 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-09 18:27:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 18:27:54 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-18 03:22:42 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-09-18 03:22:42 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-09-18 03:22:42 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
2013-09-18 03:22:42 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
2013-09-18 03:22:42 1510176 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-06 17:59:50 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-09-06 17:59:50 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-20 11:24:08 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
.
============= FINISH: 21:24:17.87 ===============


And here's my aswMBR full scan log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-12 22:19:43
-----------------------------
22:19:43.333 OS Version: Windows x64 6.1.7601 Service Pack 1
22:19:43.333 Number of processors: 4 586 0x3A09
22:19:43.334 ComputerName: BEAST3 UserName: Mike
22:19:44.623 Initialize success
22:19:58.401 AVAST engine defs: 13111200
22:20:01.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
22:20:01.525 Disk 0 Vendor: ATA_____ 1H15 Size: 476940MB BusType: 11
22:20:01.820 Disk 0 MBR read successfully
22:20:01.821 Disk 0 MBR scan
22:20:01.824 Disk 0 Windows 7 default MBR code
22:20:01.848 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
22:20:02.104 Disk 0 scanning C:\Windows\system32\drivers
22:20:24.936 Service scanning
22:20:46.360 Modules scanning
22:20:46.366 Disk 0 trace - called modules:
22:20:46.386 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
22:20:46.388 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007765060]
22:20:46.390 3 CLASSPNP.SYS[fffff880014c143f] -> nt!IofCallDriver -> [0xfffffa8007639b50]
22:20:46.714 5 iaStorF.sys[fffff8800188f9a0] -> nt!IofCallDriver -> \Device\00000061[0xfffffa800716d060]
22:20:48.394 AVAST engine scan C:\
01:55:57.966 File: C:\Users\Mike\Desktop\Mike\Music\DUB\A1 Russko\21 2 N A Q.mp3 **SUSPICIOUS**
02:03:18.413 File: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat{93981612-b341-11e2-b76b-7054d21a5901}.TM.blf **SUSPICIOUS**
02:03:59.819 File: C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini **SUSPICIOUS**
02:07:16.852 File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\345567d66d56f40d81d3c9369a8c1b18\ReachFramework.ni.dll **SUSPICIOUS**
02:07:56.352 File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef36f3c4cd9ee00b718011b9c873720c\System.Web.ni.dll **SUSPICIOUS**
02:27:41.308 File: C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Flash.mpp **SUSPICIOUS**
02:27:53.195 File: C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\MCIMPP.mpp **SUSPICIOUS**
02:28:40.307 File: C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\WindowsMedia.mpp **SUSPICIOUS**
02:43:45.064 File: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Xaml.targets **SUSPICIOUS**
02:46:55.293 File: C:\Windows\Prefetch\ISMAGENT.EXE-486EC459.pf **SUSPICIOUS**
02:48:08.629 File: C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{939815fa-b341-11e2-b76b-806e6f6e6963}.TM.blf **SUSPICIOUS**
02:48:12.170 File: C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{939815fa-b341-11e2-b76b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms **SUSPICIOUS**
02:48:17.848 File: C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b4ab0466-db41-11e2-8053-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms **SUSPICIOUS**
02:52:02.069 File: C:\Windows\servicing\Packages\Package_13_for_KB2813170~31bf3856ad364e35~amd64~~6.1.1.3.cat **SUSPICIOUS**
02:52:05.330 File: C:\Windows\servicing\Packages\Package_13_for_KB2813170~31bf3856ad364e35~amd64~~6.1.1.3.mum **SUSPICIOUS**
02:53:10.680 File: C:\Windows\servicing\Packages\Package_2_for_KB2799926~31bf3856ad364e35~amd64~~6.1.1.0.cat **SUSPICIOUS**
02:53:14.144 File: C:\Windows\servicing\Packages\Package_2_for_KB2799926~31bf3856ad364e35~amd64~~6.1.1.0.mum **SUSPICIOUS**
02:53:18.714 File: C:\Windows\servicing\Packages\Package_2_for_KB2808735~31bf3856ad364e35~amd64~~6.1.1.2.cat **SUSPICIOUS**
02:53:22.521 File: C:\Windows\servicing\Packages\Package_2_for_KB2808735~31bf3856ad364e35~amd64~~6.1.1.2.mum **SUSPICIOUS**
02:53:25.984 File: C:\Windows\servicing\Packages\Package_2_for_KB2813170~31bf3856ad364e35~amd64~~6.1.1.3.cat **SUSPICIOUS**
02:53:29.369 File: C:\Windows\servicing\Packages\Package_2_for_KB2813170~31bf3856ad364e35~amd64~~6.1.1.3.mum **SUSPICIOUS**
02:53:33.597 File: C:\Windows\servicing\Packages\Package_2_for_KB2823324~31bf3856ad364e35~amd64~~6.1.1.1.cat **SUSPICIOUS**
02:53:36.966 File: C:\Windows\servicing\Packages\Package_2_for_KB2823324~31bf3856ad364e35~amd64~~6.1.1.1.mum **SUSPICIOUS**
02:54:20.955 File: C:\Windows\servicing\Packages\Package_3_for_KB2808735~31bf3856ad364e35~amd64~~6.1.1.2.cat **SUSPICIOUS**
02:54:24.356 File: C:\Windows\servicing\Packages\Package_3_for_KB2808735~31bf3856ad364e35~amd64~~6.1.1.2.mum **SUSPICIOUS**
02:54:28.361 File: C:\Windows\servicing\Packages\Package_3_for_KB2813170~31bf3856ad364e35~amd64~~6.1.1.3.cat **SUSPICIOUS**
07:00:01.889 Scan finished successfully
07:00:57.394 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
07:00:57.441 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

Anyone? :-)
-----------------------------------------------

Waiting for help in the Malware Forum FOUR days or longer? (http://forums.spybot.info/showthread.php?1137-Waiting-for-help-in-the-Malware-Forum-FOUR-days-or-longer)