Antispyware Soft and BSOD


  • This topic is locked
38 replies to this topic

#1 Dekabreak

Dekabreak

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 27 May 2010 - 09:24 PM

Sorry if this is in the wrong forum...

I was infected with Antispyware Soft about a week ago, and I removed it, but then it came back, and my computer BSODed on me about 10 seconds after it came back.

I removed it with MalwareBytes Anti-Malware, but when going to the normal boot version of Windows 7, it still BSODs. I'm posting this while I'm in Safe Mode. The BSOD is IRQL_NOT_LESS_OR_EQUAL 0x000000a FWIW...

Any help?

Edited by Budapest, 27 May 2010 - 10:35 PM.
Moved from Win7 ~BP



#2 Dekabreak

Dekabreak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 28 May 2010 - 06:29 PM

I tried once again booting to normal mode. It BSODs about 1 minute after the desktop is loaded.

There also seems to be a redirect virus. For instance, when I look up "computer virus" on Google and click on the first link (the Wikipedia page), it redirects me to some kind of search engine site.

Please help; I need to do a very important project for the weekend and I do not want this to derail my project.

Edited by Dekabreak, 28 May 2010 - 06:48 PM.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:11 PM

Posted 29 May 2010 - 03:50 AM

Hi, please try the steps below. I will move this topic to a more appropriate forum.

Please download OTLPE (file size 120.9 MB)
  • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well, so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt.
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#4 Dekabreak

Dekabreak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 29 May 2010 - 09:30 AM

OTL logfile created on: 5/29/2010 11:25:17 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.47 Gb Total Space | 22.14 Gb Free Space | 7.67% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 297.62 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 9.62 Gb Total Space | 1.33 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/05 22:15:31 | 002,478,640 | ---- | M] () [Auto] -- c:\Program Files\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010/03/01 23:58:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/03 16:40:38 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/04/09 21:42:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto] -- C:\Windows\System32\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot] -- -- (xqpeywpx)
DRV - File not found [Kernel | Boot] -- -- (qcjihv)
DRV - File not found [Kernel | Auto] -- -- (adfs)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/14 17:30:32 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/12 22:33:31 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/05 01:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/05/05 09:29:42 | 000,100,880 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/01 23:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 05:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 05:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 05:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/07/26 16:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 16:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/08/03 06:44:00 | 000,091,648 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2004/06/22 11:15:26 | 000,139,904 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rt2500usb.sys -- (u2kg54)


========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/28 20:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/27 21:43:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/27 21:38:51 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Local\jispjemql
[2010/05/25 17:20:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/23 14:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\RegTweaker
[2010/05/23 13:58:38 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\Malwarebytes
[2010/05/23 13:58:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 13:58:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/23 13:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/23 13:22:17 | 036,592,664 | ---- | C] (PC Tools ) -- C:\Users\Gian\Desktop\iexplore.exe
[2010/05/23 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Local\tmgdvvytv
[2010/05/22 23:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/22 23:41:13 | 000,000,000 | ---D | C] -- C:\Users\Gian\Favorites\Documents\Freecorder 4
[2010/05/22 23:41:13 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Local\FLVService
[2010/05/22 23:41:12 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2010/05/22 23:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2010/05/08 10:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/05/08 10:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/02 14:36:23 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\StreamTorrent
[2010/05/02 00:07:32 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/01 23:40:50 | 000,000,000 | ---D | C] -- C:\Users\Gian\Desktop\Adobe Illustrator CS5
[2010/05/01 23:29:35 | 005,309,440 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Gian\Favorites\Documents\flashplayer_10_sa_debug.exe
[2010/05/01 20:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/01 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Gian\Desktop\Adobe CS5

========== Files - Modified Within 30 Days ==========

[2010/05/29 10:11:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/29 10:05:27 | 000,001,773 | ---- | M] () -- C:\Users\Gian\Desktop\ImgBurn.lnk
[2010/05/29 08:48:24 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/28 20:06:56 | 000,005,853 | ---- | M] () -- C:\Users\Gian\Desktop\Attach.zip
[2010/05/28 19:40:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/27 22:00:39 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/27 21:22:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-324557414-659355397-3272978054-1000UA.job
[2010/05/27 20:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/27 17:22:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-324557414-659355397-3272978054-1000Core.job
[2010/05/27 07:33:05 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/27 07:33:05 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/27 07:27:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/27 07:27:27 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/05/26 22:55:48 | 000,016,165 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\Good morning.docx
[2010/05/25 22:42:57 | 000,012,208 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\essayproj5.docx
[2010/05/25 21:51:41 | 000,012,258 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\essayproj4.docx
[2010/05/25 20:28:50 | 000,012,112 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\essayproj3.docx
[2010/05/24 23:01:37 | 000,012,235 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\briefingsheet.docx
[2010/05/24 22:51:53 | 000,012,208 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\essayproj2.docx
[2010/05/24 22:00:25 | 000,011,811 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\essayproj1.docx
[2010/05/23 13:28:51 | 036,592,664 | ---- | M] (PC Tools ) -- C:\Users\Gian\Desktop\iexplore.exe
[2010/05/19 19:08:50 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/19 19:08:50 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/19 19:08:50 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/16 12:27:10 | 004,060,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/15 23:09:07 | 000,160,872 | ---- | M] () -- C:\Users\Gian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/13 21:15:50 | 000,010,799 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\msjulialetter.docx
[2010/05/13 18:34:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/08 10:39:38 | 000,000,719 | -H-- | M] () -- C:\IPH.PH
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/01 23:29:44 | 005,309,440 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Gian\Favorites\Documents\flashplayer_10_sa_debug.exe
[2010/05/01 23:21:55 | 005,423,057 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\534416_SmbcPreloader.swf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/28 20:06:56 | 000,005,853 | ---- | C] () -- C:\Users\Gian\Desktop\Attach.zip
[2010/05/25 22:42:56 | 000,012,208 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\essayproj5.docx
[2010/05/25 21:51:41 | 000,012,258 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\essayproj4.docx
[2010/05/25 20:28:50 | 000,012,112 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\essayproj3.docx
[2010/05/24 22:51:53 | 000,012,208 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\essayproj2.docx
[2010/05/24 22:00:24 | 000,011,811 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\essayproj1.docx
[2010/05/13 21:15:49 | 000,010,799 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\msjulialetter.docx
[2010/05/01 23:21:41 | 005,423,057 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\534416_SmbcPreloader.swf
[2010/03/12 15:02:21 | 000,003,584 | ---- | C] () -- C:\Users\Gian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 20:08:41 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll
[2010/01/24 22:19:29 | 000,000,768 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/01/11 19:08:06 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/11 19:08:06 | 000,138,056 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\PnkBstrK.sys
[2009/10/10 21:53:25 | 000,001,086 | ---- | C] () -- C:\Windows\AZPR3.INI
[2009/10/04 15:29:31 | 000,000,139 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\default.rss
[2009/10/03 23:19:18 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/09/26 18:54:51 | 000,017,408 | ---- | C] () -- C:\Windows\System32\SyncBackPro.dll
[2009/09/25 20:42:16 | 000,000,296 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009/09/21 22:26:51 | 000,000,639 | ---- | C] () -- C:\Windows\M3JPEG.INI
[2009/09/21 22:23:50 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/21 22:23:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/21 22:18:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/21 21:41:13 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:53:51 | 000,009,728 | ---- | C] () -- C:\Windows\System32\drivers\wfplwf.sys
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/27 05:48:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2009/02/18 22:15:02 | 000,000,344 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\wklnhst.dat
[2009/01/31 21:17:51 | 000,000,000 | ---- | C] () -- C:\Windows\wincmd.ini
[2008/07/26 14:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/04/10 17:33:21 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2007/12/01 15:48:00 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/01 15:48:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll

========== LOP Check ==========

[2009/10/03 15:21:03 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\.bsnes
[2009/09/27 16:11:36 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\2K Sports
[2009/09/27 16:11:37 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\acccore
[2009/10/12 22:46:54 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\DAEMON Tools
[2009/10/12 22:46:54 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\DAEMON Tools Lite
[2010/05/28 19:33:19 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Desktopicon
[2010/05/17 23:00:37 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\FileZilla
[2009/09/27 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\fltk.org
[2009/09/27 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\GetRightToGo
[2009/09/27 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\gtk-2.0
[2009/11/26 20:50:43 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\ImgBurn
[2010/03/07 14:17:23 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\inkscape
[2009/09/27 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\IrfanView
[2009/09/27 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Leadertech
[2009/11/08 00:13:04 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\LimeWire
[2009/10/04 21:36:58 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\NCH Swift Sound
[2009/09/27 16:12:49 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\OpenOffice.org
[2009/09/27 16:12:51 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Publish Providers
[2009/09/27 16:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Snapfish
[2009/09/27 16:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Sony
[2010/05/02 00:07:32 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/02 14:36:23 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\StreamTorrent
[2009/09/27 16:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\SystemRequirementsLab
[2009/09/27 16:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Template
[2010/05/11 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\uTorrent
[2009/09/27 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\WildTangent
[2009/09/27 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\WinBatch
[2010/05/27 07:27:27 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010/04/18 10:04:38 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:11 PM

Posted 29 May 2010 - 09:35 AM

If you still can boot successfully in safe mode, please try the following:

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Dekabreak

Dekabreak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 29 May 2010 - 10:02 AM

combofix popped this message up:

QUOTE
Combofix has detected one of the following real time scanners to be active :

antivirus: avast! antivirus 4.8.1335
antispyware: avast! antivirus 4.8.1335

Please disable these scanner(s) before clicking "ok".


but when I try to disable avast, it seems to be disabled when in safe mode

#7 Elise

Posted 29 May 2010 - 10:13 AM

In that case, just ignore the warning and click OK.

regards, Elise



#8 Dekabreak

Posted 29 May 2010 - 11:05 AM

everything is normal, then there was a pop-up that said
QUOTE
Combofix has detected the presence of rootkit activity and needs to reboot

So reboots fine to safe mode, but then it detects cd-emulation. I am aware that I have some virtual drives (2), but I don't know how to remove them, I used defogger before opening combofix but that doesn't seem to work because of the reboot

Edited by Dekabreak, 29 May 2010 - 11:06 AM.


#9 Elise

Posted 29 May 2010 - 11:21 AM

Defogger needs to be run only once. Anyway, you can just allow the reboot, and reboot in safe mode (through the F8 method). Combofix should finish its run fine and produce the log.

regards, Elise



#10 Dekabreak

Posted 29 May 2010 - 12:22 PM

Hey

the cd-emulation thing is gone, but ComboFix still tells me that there is a rootkit activity. Reboot in safe mode, then the same thing pops up again, and after the second reboot, ComboFix doesn't appear again. I checked in the C:/ folder but there is no log there

Edited by Dekabreak, 29 May 2010 - 12:22 PM.


#11 Elise

Posted 29 May 2010 - 12:42 PM

Please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!

As instructed when the tool runs, restart the computer and logon to Reatogo-X-PE. Click start and open a command prompt.
Execute the following bolded command one line at a time. Press enter after each line.

c:

cd windows

look.bat


You will see 1 file copied many times then return to the x:\windows> prompt.
Restart your computer then logon in safe mode.

Once fully booted
  • Click on start
  • select Run...
  • enter "%userprofile%\Desktop\maxlook.exe" -sig and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.

Edited by elise025, 29 May 2010 - 12:46 PM.

regards, Elise



#12 Dekabreak

Posted 29 May 2010 - 01:06 PM

CODE
Run from C:\Users\Gian\Desktop\maxlook.exe on Sat 05/29/2010 at 16:03:58.36

--------- maxlook unsigned files ---------

c:\windows\maxdriver\rt2500usb.sys:
    Verified:    Unsigned
    File date:    11:15 AM 6/22/2004
    Publisher:    Ralink Technology Inc.
    Description:    Sample Driver for Ralink 802.11g Wireless USB Adapters
    Product:    Ralink 802.11g Wireless USB Adapters
    Version:    1.01.02.0002
    File version:    1.01.02.0002
c:\windows\maxdriver\splitcam.sys:
    Verified:    Unsigned
    File date:    5:30 PM 2/14/2010
    Publisher:    LoteSoft Co.
    Description:    Video Capture Stream Splitter
    Product:    Video Capture Splitter driver
    Version:    3.2.1
    File version:    3.2.1
c:\windows\maxdriver\wfplwf.sys:
    Verified:    Unsigned
    File date:    7:53 PM 7/13/2009
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\rt2500usb.sys:
    Verified:    Unsigned
    File date:    11:15 AM 6/22/2004
    Publisher:    Ralink Technology Inc.
    Description:    Sample Driver for Ralink 802.11g Wireless USB Adapters
    Product:    Ralink 802.11g Wireless USB Adapters
    Version:    1.01.02.0002
    File version:    1.01.02.0002
c:\windows\system32\drivers\splitcam.sys:
    Verified:    Unsigned
    File date:    5:30 PM 2/14/2010
    Publisher:    LoteSoft Co.
    Description:    Video Capture Stream Splitter
    Product:    Video Capture Splitter driver
    Version:    3.2.1
    File version:    3.2.1



#13 Elise

Posted 29 May 2010 - 01:16 PM

Well done, we found at least the culprit. Next we need to find a replacement copy to replace the driver with.

Reboot from the OTLPE disk, open OTLPE and copy/paste the following text into the "custom scan/fix" field. Click the NONE button and then Run Scan. Post me the resulting log.
CODE
/md5start
wfplwf.sys
/md5stop

regards, Elise



#14 Dekabreak

Posted 29 May 2010 - 01:37 PM

OTL logfile created on: 5/29/2010 5:25:27 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.47 Gb Total Space | 21.94 Gb Free Space | 7.61% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 297.62 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 9.62 Gb Total Space | 1.33 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Custom Scans ==========



< MD5 for: WFPLWF.SYS >
[2009/07/13 19:53:51 | 000,009,728 | ---- | M] () MD5=510107F0028F221CD3BECDE4CBE3240E -- C:\Windows\maxdriver\wfplwf.sys
[2009/07/13 19:53:51 | 000,009,728 | ---- | M] () MD5=510107F0028F221CD3BECDE4CBE3240E -- C:\Windows\System32\drivers\wfplwf.sys
[2009/07/13 19:53:51 | 000,009,728 | ---- | M] () MD5=510107F0028F221CD3BECDE4CBE3240E -- C:\Windows\winsxs\x86_microsoft-windows-wfplwf_31bf3856ad364e35_6.1.7600.16385_none_fbf2ea2fafe20959\wfplwf.sys
< End of report >
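
The /md5start scan requested in post #13 and the result posted in post #14 amount to one check: hash every copy of the driver on disk and compare it with the copy in the WinSxS component store, where Windows keeps the file it shipped. In the log above all three copies of wfplwf.sys, including the component-store one, carry the same MD5, so the installed driver matches the shipped file and is not the patched component. One caveat a practitioner should keep in mind: an inbox Windows driver usually carries no embedded Authenticode signature (it is signed through a catalog), so a check that only looks for an embedded signature will report it as unsigned; the hash comparison, done from a boot CD so a rootkit cannot hide or filter the files, is the decisive test. The script below is an added example, not code from OTL, maxlook or anyone in this thread. It performs that comparison with both MD5 (to line up with the OTL output) and SHA-256, and shows both outcomes, all copies matching and one copy altered, using constructed stand-in files written to a temporary directory; the three directory names mirror the page, the bytes are not a real driver.

```python
"""Hash every copy of a driver and compare it with the component-store copy.

Added example for this thread; it is not OTL, maxlook, or ComboFix code.
The three file locations mirror the ones in the OTL log above, but the
bytes are constructed stand-ins written to a temporary directory so the
script runs offline on any OS. On a real Windows 7 system you would pass
the C:\\Windows\\winsxs\\...\\wfplwf.sys copy as the reference and the
System32\\drivers and maxdriver copies as candidates.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass
class CopyCheck:
    path: str
    md5: str          # upper-case, the form OTL prints
    sha256: str
    matches_reference: bool


def file_digests(path):
    """Stream a file through MD5 (what OTL reports) and SHA-256 (what to trust)."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest().upper(), sha.hexdigest()


def compare_driver_copies(reference_path, candidate_paths):
    """Return one CopyCheck per candidate; a copy matches only on SHA-256."""
    _, ref_sha = file_digests(reference_path)
    checks = []
    for path in candidate_paths:
        md5, sha = file_digests(path)
        checks.append(CopyCheck(path, md5, sha, sha == ref_sha))
    return checks


def verdict(checks):
    """'all_match': every installed copy equals the shipped file, so this driver
    is not the patched one and the search moves on (the outcome in the log above).
    'tampered': at least one copy differs and should be replaced from the store."""
    return "all_match" if all(c.matches_reference for c in checks) else "tampered"


def build_sample_tree(tamper):
    """Write constructed stand-in files in the page's three locations.
    The contents are NOT a real PE image, only bytes to hash."""
    root = tempfile.mkdtemp(prefix="wfplwf_check_")
    clean = b"MZ" + b"\x00" * 62 + b"constructed wfplwf.sys stand-in"
    altered = clean[:-8] + b"PATCHED!"   # same length, different bytes
    layout = {
        ("winsxs", "x86_microsoft-windows-wfplwf", "wfplwf.sys"): clean,
        ("System32", "drivers", "wfplwf.sys"): clean,
        ("maxdriver", "wfplwf.sys"): altered if tamper else clean,
    }
    for parts, data in layout.items():
        full = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


def run_check(tamper=False):
    """Build the sample tree, compare the copies and return (verdict, checks)."""
    root = build_sample_tree(tamper)
    reference = os.path.join(root, "winsxs", "x86_microsoft-windows-wfplwf", "wfplwf.sys")
    candidates = [
        os.path.join(root, "System32", "drivers", "wfplwf.sys"),
        os.path.join(root, "maxdriver", "wfplwf.sys"),
    ]
    checks = compare_driver_copies(reference, candidates)
    return verdict(checks), checks


if __name__ == "__main__":
    for tamper in (False, True):
        result, checks = run_check(tamper)
        for c in checks:
            flag = "OK  " if c.matches_reference else "DIFF"
            print(f"{flag} MD5={c.md5} {c.path}")
        print("verdict:", result)
```

A match against the WinSxS copy rules out a simple file replacement in System32\drivers, which is what this thread is chasing; it does not rule out an attacker who patched the component-store copy as well, so where a known-good hash from a clean installation of the same build is available, compare against that rather than against anything on the suspect disk.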


#15 Elise

Posted 29 May 2010 - 01:57 PM

Do you have your Windows 7 CD at hand?

regards, Elise
