
Explorer closes and restarts in a loop, can't do anything


  • This topic is locked
8 replies to this topic

#1 yunier2002

  • Members
  • 4 posts

Posted 01 December 2010 - 09:24 PM

I need to remove the malware/rootkits in it. I already ran Malwarebytes in safe mode and removed everything that it found, but the problem still happens. Another thing is that I'm running Windows 7 64 bit so I can't run ComboFix, GMER, or other removal tools. Here is the DDS log, let me know what else to run and what other logs you would need. Thanks!


DDS (Ver_10-11-27.01) - NTFS_AMD64 NETWORK
Run by Yunier at 21:08:22.18 on Wed 12/01/2010
Internet Explorer: 8.0.7600.16384 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.6459 [GMT -5:00]

FW: NCP Secure Client Firewall *disabled* {33F684F9-95EF-4FC3-9196-012CF0A4D310}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Users\Yunier\Desktop\ofq5c00l.exe
C:\Users\Yunier\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Yunier\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [Google Update] "C:\Users\Yunier\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [POEngine5]
uRun: [JP595IR86O] C:\Users\Yunier\AppData\Local\Temp\Spr.exe
uRun: [LvmnZkfgokP] C:\Users\Yunier\AppData\Local\Temp\jx2xomq3.exe
uRun: [LvmnZkfgnZ] C:\Users\Yunier\AppData\Local\Temp\cmd.exe
uRun: [LvmnZkfgnsc] C:\Users\Yunier\AppData\Local\Temp\drweb.exe
uRun: [LvmnZkfgoMc] C:\Users\Yunier\AppData\Local\Temp\gdi32.exe
uRun: [<NO NAME>] C:\Users\Yunier\AppData\Roaming\.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [<NO NAME>] C:\Users\Yunier\AppData\Roaming\.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [NcpBudgetGui] "C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe" -start
mRun: [NcpPopup] "C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe" noerrmsg
mRun: [NcpMonitor] "C:\Program Files (x86)\NCP\SecureClient\ncpmon.exe" autorun
mRun: [NcpRsuGui] "C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe" -gui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [LvmnZkfgokP] C:\Users\Yunier\AppData\Local\Temp\jx2xomq3.exe
mRun: [LvmnZkfgnZ] C:\Users\Yunier\AppData\Local\Temp\cmd.exe
mRun: [LvmnZkfgnsc] C:\Users\Yunier\AppData\Local\Temp\drweb.exe
mRun: [LvmnZkfgoMc] C:\Users\Yunier\AppData\Local\Temp\gdi32.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\Yunier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Yunier\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} - hxxps://devlabman01/LabManager/ControlPanel/Machines/MachineDetails/ActiveXControls/ViewerXVNC/vmware-mks.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {BDC70E9E-13E8-457A-8231-5B1DE1CE75CA} = 4.2.2.5,4.2.2.6
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\Yunier\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Yunier\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Yunier\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\VMwareMKSPlugin@vmware.com\plugins\npmks.dll
FF - plugin: C:\Users\Yunier\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Yunier\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: XULRunner: {7761F348-D557-4DD6-B3EE-0376B6CC2E56} - C:\Users\Yunier\AppData\Local\{7761F348-D557-4DD6-B3EE-0376B6CC2E56}\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\es-es@dictionaries.addons.mozilla.org
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\LogMeInClient@logmein.com
FF - Extension: Personas: personas@christopher.beard - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\personas@christopher.beard
FF - Extension: QuickDrag: quickdrag@mozilla.ktechcomputing.com - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Extension: Ask Toolbar: toolbar@ask.com - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\toolbar@ask.com
FF - Extension: VMware Remote MKS Plugin: VMwareMKSPlugin@vmware.com - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\VMwareMKSPlugin@vmware.com
FF - Extension: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - C:\Users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: XULRunner: {7761F348-D557-4DD6-B3EE-0376B6CC2E56} - C:\Users\Yunier\AppData\Local\{7761F348-D557-4DD6-B3EE-0376B6CC2E56}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - C:\Users\Yunier\AppData\Roaming\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-11 59904]
R3 ncplelhp;NCP Secure Client NDIS6 Driver;C:\Windows\System32\drivers\ncplelhp.sys [2010-1-22 151016]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2010-4-7 446304]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-17 233472]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/11 22:26:21];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-5-7 146928]
S2 6077757b;6077757b;C:\Windows\System32\drivers\regi.sys [2009-12-21 14112]
S2 ads;ads;C:\Windows\winad\winads.exe [2010-12-1 603136]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-11 202752]
S2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-9-17 212232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2009-9-16 19432]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-2 136176]
S2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2009-11-29 65536]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-1 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-9-20 72216]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-6-15 363344]
S2 ncpclcfg;ncpclcfg;C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe [2010-1-22 86016]
S2 ncprwsnt;ncprwsnt;C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe [2010-1-22 1381384]
S2 NcpSec;NcpSec;C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE [2010-1-22 32768]
S2 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2008-7-14 12288]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S2 regi;regi;C:\Windows\System32\drivers\regi.sys [2009-12-21 14112]
S2 rwsrsu;rwsrsu;C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [2010-1-22 819712]
S2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2009-9-17 102400]
S2 TeamViewer4;TeamViewer 4;C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-7 185640]
S2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2009-12-11 6228480]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2009-12-11 160256]
S3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-2-22 14904]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-9-17 30528]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-13 24152]
S3 ncpfilt;NCP Filter;C:\Windows\System32\drivers\ncplelhp.sys [2010-1-22 151016]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2009-8-28 21504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-28 1255736]

=============== Created Last 30 ================

2010-12-02 01:56:34 0 ----a-w- C:\dds.scr
2010-12-02 01:11:23 172536 ----a-w- C:\cc_20101201_201112.reg
2010-12-02 00:22:22 30000 ----a-w- C:\Windows\SysWow64\v8vcxb8.dll
2010-12-02 00:22:22 30000 ----a-w- C:\Windows\SysWow64\da3c1v4.dll
2010-12-02 00:03:34 -------- d-----w- C:\Windows\SysWow64\1067
2010-12-02 00:02:08 -------- d-----w- C:\Windows\winad
2010-12-02 00:01:34 189440 ----a-w- C:\Windows\Shimob.exe
2010-12-02 00:00:54 174592 ----a-w- C:\Users\Yunier\AppData\Roaming\douzn.exe
2010-12-02 00:00:29 0 ----a-w- C:\Users\Yunier\AppData\Local\Cnonihuvuw.bin
2010-12-02 00:00:27 -------- d-----w- C:\Users\Yunier\AppData\Local\{7761F348-D557-4DD6-B3EE-0376B6CC2E56}
2010-12-01 18:51:28 195584 ----a-w- C:\Windows\Shimoa.exe
2010-12-01 18:51:18 46080 ---ha-w- C:\Windows\SysWow64\bthuunas.dll
2010-12-01 18:51:14 30000 ----a-w- C:\Windows\SysWow64\btxsu9yv8e.dll
2010-12-01 18:51:09 -------- d-----w- C:\Windows\SysWow64\msapps
2010-11-30 10:06:31 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{463AE5CF-AFD6-45A9-9268-59582ADED7B2}\mpengine.dll
2010-11-17 03:35:53 -------- d-----w- C:\Users\Yunier\AppData\Local\TechSmith
2010-11-16 23:48:21 -------- d-----w- C:\Windows\SysWow64\QuickTime
2010-11-16 23:48:00 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2010-11-15 07:39:01 -------- d-----w- C:\Users\Yunier\AppData\Roaming\ArcticLine
2010-11-15 07:38:10 -------- d-----w- C:\Program Files (x86)\Folder Marker
2010-11-06 16:55:34 -------- d-----w- C:\Users\Yunier\AppData\Roaming\mIRC
2010-11-06 16:55:34 -------- d-----w- C:\Program Files (x86)\mIRC
2010-11-06 16:40:42 -------- d-----w- C:\Users\Yunier\AppData\Roaming\Mimo
2010-11-06 16:40:33 -------- d-----w- C:\Program Files (x86)\Mimo

==================== Find3M ====================

2010-12-02 01:20:40 30528 ----a-w- C:\Windows\GVTDrv64.sys
2010-12-02 01:19:10 25640 ----a-w- C:\Windows\gdrv.sys
2010-11-29 22:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-30 05:37:22 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-09-30 05:37:22 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-09-30 05:37:22 33152 ----a-w- C:\Windows\System32\LMIport.dll
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll

============= FINISH: 21:09:40.14 ===============
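The DDS log above carries the indicators a responder would pull out first: a browser proxy forced to 127.0.0.1:50370, Run values launching from %TEMP% (including a `cmd.exe` and `gdi32.exe` that are not the Windows ones), a nameless `.exe` in AppData\Roaming, policies that disable UAC and hide Folder Options/regedit, and a one-word service (`ads`) running from an unusual folder under C:\Windows. The script below is an added example, not part of this thread and not a DDS or BleepingComputer tool: it parses constructed lines in the same "Pseudo HJT Report" and "SERVICES / DRIVERS" shapes (username replaced, not a copy of the post) and flags each of those patterns. The rule set, the sample lines and the function names (`triage_dds`, `check_run`, `check_service`, `exe_path`) are my own choices.

```python
"""Triage DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines for common
infection indicators. Added example; not part of the thread or of DDS."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input mirroring the line shapes in the posted log
# (username replaced); not a copy of the post.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [JP595IR86O] C:\Users\user\AppData\Local\Temp\Spr.exe
uRun: [LvmnZkfgnZ] C:\Users\user\AppData\Local\Temp\cmd.exe
uRun: [<NO NAME>] C:\Users\user\AppData\Roaming\.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
S2 ads;ads;C:\Windows\winad\winads.exe [2010-12-1 603136]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-6-15 363344]
"""

LOOPBACK_PROXY = re.compile(r"ProxyServer\s*=.*?(127\.0\.0\.1|localhost)", re.I)
RUN_LINE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_LINE = re.compile(r"^[um]Policies-(?P<key>\w+):\s*(?P<value>\w+)\s*=\s*(?P<num>\d+)")
SERVICE_LINE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.*?)(?:\s\[|$)")

# (policy key, value name, numeric value) -> why it matters
BAD_POLICIES = {
    ("system", "EnableLUA", 0): "UAC disabled",
    ("system", "ConsentPromptBehaviorAdmin", 0): "admins elevate silently (no UAC prompt)",
    ("system", "PromptOnSecureDesktop", 0): "UAC prompts not isolated on the secure desktop",
    ("system", "DisableRegistryTools", 1): "regedit blocked by policy",
    ("explorer", "NoFolderOptions", 1): "Folder Options hidden (user cannot unhide files)",
}
# Binaries that belong in the Windows directory; the same name elsewhere is a masquerade.
SYSTEM_NAMES = {"cmd.exe", "gdi32.exe", "svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
# Service image roots that are normal; anything else under C:\Windows deserves a look.
TRUSTED_SERVICE_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                         "c:\\windows\\microsoft.net\\", "c:\\program files")


@dataclass
class Finding:
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """Return the executable path from a Run value, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|scr|dll|com|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def check_run(name: str, cmd: str) -> list[str]:
    """Heuristics for one Run value: Temp launch, empty name, name masquerade."""
    path = exe_path(cmd).lower()
    base = path.rsplit("\\", 1)[-1]
    reasons = []
    if "\\appdata\\local\\temp\\" in path:
        reasons.append("autorun launches from %TEMP%")
    if not base.rsplit(".", 1)[0]:
        reasons.append("autorun binary has an empty base name")
    if base in SYSTEM_NAMES and "\\windows\\" not in path:
        reasons.append(f"'{base}' outside the Windows directory (name masquerade)")
    if name == "<NO NAME>":
        reasons.append("unnamed Run value")
    return reasons


def check_service(name: str, path: str) -> list[str]:
    """Flag services whose image lives in an ad-hoc folder under C:\\Windows."""
    p = path.strip().lower()
    if p.startswith("c:\\windows\\") and not p.startswith(TRUSTED_SERVICE_ROOTS):
        return [f"service '{name}' runs from a non-standard Windows subfolder"]
    return []


def triage_dds(text: str) -> list[Finding]:
    """Scan DDS lines and return one Finding per matched rule."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOOPBACK_PROXY.search(line):
            findings.append(Finding(line, "browser proxy points at loopback (local traffic hijack)"))
            continue
        m = RUN_LINE.match(line)
        if m:
            findings += [Finding(line, r) for r in check_run(m["name"], m["cmd"])]
            continue
        m = POLICY_LINE.match(line)
        if m:
            key = (m["key"], m["value"], int(m["num"]))
            if key in BAD_POLICIES:
                findings.append(Finding(line, BAD_POLICIES[key]))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            findings += [Finding(line, r) for r in check_service(m["name"], m["path"])]
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f.reason:55} <- {f.line}")
```

Run against the sample it reports eleven findings; fed the real log it would additionally trip on `drweb.exe`/`gdi32.exe`/`jx2xomq3.exe` in Temp and on the second copy of the same values under mRun. These are review hints, not verdicts: the service rule will also flag vendor drivers dropped straight into C:\Windows (such as the Gigabyte `GVTDrv64.sys` in the log), so each hit still needs a look at the file's signer and timestamp.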


#2 snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 09 December 2010 - 05:55 PM

Hi yunier2002, and welcome to Bleeping Computer.

Your computer is quite heavily infected... Any reason for not using an antivirus?
Remember, nowadays the main problem is not removing malware; the big problem is that many infections are designed to steal personal data and passwords. If you do not protect your computer properly, you may end up with your accounts compromised, etc.

If possible, please run all scans in Normal Mode (unless otherwise instructed)...

Let's start with ComboFix (yes, it should work on your 64bit Windows 7)...

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 yunier2002
  • Topic Starter

  • Members
  • 4 posts

Posted 09 December 2010 - 07:25 PM

Hi Snemelk, thanks in advance for your help. I do use an antivirus; it was an exe that I executed that caused this infection. I think I have cleaned most of it but there are still some lingering issues. Here is the ComboFix log.


ComboFix 10-12-08.04 - Yunier 12/09/2010 19:06:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.4389 [GMT -5:00]
Running from: c:\users\Yunier\Desktop\ComboFix.exe
FW: NCP Secure Client Firewall *disabled* {33F684F9-95EF-4FC3-9196-012CF0A4D310}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Yunier\AppData\Local\{7761F348-D557-4DD6-B3EE-0376B6CC2E56}
c:\users\Yunier\AppData\Local\{7761F348-D557-4DD6-B3EE-0376B6CC2E56}\chrome\content\overlay.xul
c:\users\Yunier\AppData\Local\{7761F348-D557-4DD6-B3EE-0376B6CC2E56}\install.rdf
c:\users\Yunier\AppData\Local\Temp\jna6366464408454137851.tmp
c:\users\Yunier\AppData\Roaming\.#
c:\users\Yunier\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 00:01 . 2010-12-10 00:02 -------- d-----w- C:\32788R22FWJFW
2010-12-07 09:57 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3AE0819-0EA0-4992-9226-0A3455F793BE}\mpengine.dll
2010-12-05 22:02 . 2010-12-05 22:02 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 22:02 . 2010-08-02 21:10 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 11:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\2872.tmp
2010-12-05 11:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\9508.tmp
2010-12-04 09:45 . 2010-12-04 10:05 -------- d-----w- c:\users\Yunier\DoctorWeb
2010-12-04 00:24 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\ABFB.tmp
2010-12-04 00:23 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\11CE.tmp
2010-12-04 00:23 . 2010-12-04 00:23 -------- d-----w- c:\program files (x86)\Sophos
2010-12-02 04:34 . 2010-12-02 04:34 -------- d-----w- c:\users\Yunier\AppData\Roaming\Avira
2010-12-02 04:30 . 2010-12-02 04:30 -------- d-----w- c:\programdata\Avira
2010-12-02 04:30 . 2010-12-02 04:30 -------- d-----w- c:\program files (x86)\Avira
2010-12-02 03:16 . 2010-12-02 03:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-12-02 03:16 . 2010-12-02 03:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2010-12-02 03:15 . 2010-12-02 03:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\Realtime Soft
2010-12-02 03:15 . 2010-12-02 09:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent
2010-12-02 02:46 . 2010-12-02 09:29 -------- d-----w- c:\program files (x86)\RK Unhker
2010-12-02 02:42 . 2010-12-02 02:42 -------- d-----w- c:\program files (x86)\trend micro
2010-12-02 02:42 . 2010-12-02 02:42 -------- d-----w- C:\rsit
2010-12-02 00:00 . 2010-12-02 00:00 0 ----a-w- c:\users\Yunier\AppData\Local\Cnonihuvuw.bin
2010-12-01 18:51 . 2010-12-02 00:17 -------- d-----w- c:\windows\SysWow64\msapps
2010-11-17 03:35 . 2010-11-17 03:35 -------- d-----w- c:\users\Yunier\AppData\Local\TechSmith
2010-11-16 23:48 . 2010-11-16 23:48 -------- d-----w- c:\windows\SysWow64\QuickTime
2010-11-16 23:48 . 2010-11-16 23:48 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2010-11-16 23:47 . 2010-11-16 23:48 -------- d-----w- c:\programdata\TechSmith
2010-11-16 23:47 . 2010-11-16 23:47 -------- d-----w- c:\program files (x86)\TechSmith
2010-11-15 07:39 . 2010-11-15 07:39 -------- d-----w- c:\users\Yunier\AppData\Roaming\ArcticLine
2010-11-15 07:38 . 2010-11-15 07:38 -------- d-----w- c:\program files (x86)\Folder Marker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 00:14 . 2009-09-17 16:41 30528 ----a-w- c:\windows\GVTDrv64.sys
2010-12-10 00:13 . 2009-09-24 01:46 25640 ----a-w- c:\windows\gdrv.sys
2010-10-19 15:41 . 2009-10-02 18:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 05:37 . 2009-09-21 03:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-30 05:37 . 2009-09-21 03:17 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-09-30 05:37 . 2009-09-21 03:17 80768 ----a-w- c:\windows\system32\LMIinit.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-09-21 00:25 731280 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-09-21 00:25 731280 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-09-21 00:25 731280 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]
"Google Update"="c:\users\Yunier\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-29 135664]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-28 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-05-08 75048]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"NcpBudgetGui"="c:\program files (x86)\NCP\SecureClient\NcpBudgetGui.exe" [2009-11-05 968192]
"NcpPopup"="c:\program files (x86)\NCP\SecureClient\ncppopup.exe" [2009-08-26 578560]
"NcpMonitor"="c:\program files (x86)\NCP\SecureClient\ncpmon.exe" [2009-11-16 6587904]
"NcpRsuGui"="c:\program files (x86)\NCP\SecureClient\rwsrsu.exe" [2009-10-12 819712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-09-21 913552]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\users\Yunier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Yunier\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-4-1 141488]
UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico [2010-1-24 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"72.35.66.20,255.255.255.255,192.168.0.1,1"=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2872.tmp [2010-05-26 6144]
R3 ncpfilt;NCP Filter;c:\windows\system32\DRIVERS\ncplelhp.sys [2009-10-08 151016]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2009-08-28 21504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-28 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-11 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/11 22:26];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-08 02:05 146928]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-23 212232]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-23 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 ncpclcfg;ncpclcfg;c:\program files (x86)\NCP\SecureClient\ncpclcfg.exe [2008-06-30 86016]
S2 ncprwsnt;ncprwsnt;c:\program files (x86)\NCP\SecureClient\ncprwsnt.exe [2009-10-27 1381384]
S2 NcpSec;NcpSec;c:\program files (x86)\NCP\SecureClient\ncpsec.exe [2008-10-06 32768]
S2 OrbisClient.Services;LabSim Configuration and Security;c:\program files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2008-07-14 12288]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 rwsrsu;rwsrsu;c:\program files (x86)\NCP\SecureClient\rwsrsu.exe [2009-10-12 819712]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-07-13 102400]
S2 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-03-27 65072]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 6228480]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 160256]
S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-02-23 14904]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-12-10 30528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
S3 ncplelhp;NCP Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [2009-10-08 151016]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2010-04-07 446304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-10 233472]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - AODDRIVER

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-02 14:03]

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-02 14:03]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2455810250-2567454102-710943029-1000Core.job
- c:\users\Yunier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-29 02:48]

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2455810250-2567454102-710943029-1000UA.job
- c:\users\Yunier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-29 02:48]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-09-21 00:13 1112208 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-09-21 00:13 1112208 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-09-21 00:13 1112208 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"72.35.66.20,255.255.255.255,192.168.0.1,1"=""
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: {BDC70E9E-13E8-457A-8231-5B1DE1CE75CA} = 4.2.2.5,4.2.2.6
DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} - hxxps://devlabman01/LabManager/ControlPanel/Machines/MachineDetails/ActiveXControls/ViewerXVNC/vmware-mks.cab
FF - ProfilePath - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - component: c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files (x86)\Veetle\Player\npvlc.dll
FF - plugin: c:\program files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\users\Yunier\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\VMwareMKSPlugin@vmware.com\plugins\npmks.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\es-es@dictionaries.addons.mozilla.org
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\LogMeInClient@logmein.com
FF - Extension: Personas: personas@christopher.beard - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\personas@christopher.beard
FF - Extension: QuickDrag: quickdrag@mozilla.ktechcomputing.com - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\toolbar@ask.com
FF - Extension: VMware Remote MKS Plugin: VMwareMKSPlugin@vmware.com - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\VMwareMKSPlugin@vmware.com
FF - Extension: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\Yunier\AppData\Roaming\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-QuickSoundSwitch - c:\users\Yunier\Downloads\QuickSoundSwitch.exe
Wow6432Node-HKCU-Run-POEngine5 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PokerOffice5 - c:\program files (x86)\PokerOffice5\uninstall.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2872.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\IBM\Lotus\Notes\ntmulti.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\TVersity\Media Server\MediaServer.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2010-12-09 19:18:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 00:18

Pre-Run: 21,800,816,640 bytes free
Post-Run: 22,009,421,824 bytes free

- - End Of File - - A8D567D75B7C57FA7E8E926A7F3ED4DB

#4 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:01:00 PM

Posted 10 December 2010 - 06:18 AM

Hi again yunier2002!!.. :)

I think I have cleaned most of it but there are still some lingering issues.

Yep, the ComboFix logfile looks much better - much has already been removed... Please perform all the steps below:

Firstly,
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\Yunier\AppData\Local\Cnonihuvuw.bin
Folder::
c:\windows\SysWow64\msapps
Driver::
WinFLdrv


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Post it in your next reply.

Secondly,
Run a full system scan with updated Malwarebytes' Anti-Malware... Post the log it generates...

Thirdly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
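One way to do the first pass over a DDS/ComboFix services section like the one in the log above, as an added example that is not code from DDS, ComboFix or the BleepingComputer helpers: it parses the `R#/S# name;display name;image path [date size]` lines and flags the patterns a helper looks for before writing a CFScript, a relative or missing image path (WinFLdrv), a driver loaded from a .tmp file, a random-looking hex service name, and one image file registered under two service names (regi.sys). The sample lines are constructed from entries in the log above; every flag is a prompt to verify, not a verdict, since a .tmp driver can also belong to a legitimate scanner.

```python
import re
from collections import defaultdict

# Constructed sample: service lines in the DDS/ComboFix format, taken in shape
# and content from the log posted above.
SAMPLE_SERVICES = r"""
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2872.tmp [2010-05-26 6144]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-03-27 65072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
"""

# "R2 name;display;path [2007-04-17 14112]" or "... [x]" when the file is missing.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)\s+\[([^\]]*)\]\s*$")
# Absolute Windows path, optionally with the NT "\??\" prefix ComboFix prints.
ABSOLUTE_RE = re.compile(r"^(?:\\\?\?\\)?[A-Za-z]:[\\/]")
# Eight hex digits as a service name is a common auto-generated pattern.
HEX_NAME_RE = re.compile(r"^[0-9a-fA-F]{8}$")


def parse_service_line(line):
    """Return a dict for one service line, or None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, path, tail = m.groups()
    return {"state": state, "start": int(start), "name": name,
            "display": display, "path": path.strip(), "tail": tail.strip()}


def triage_services(text):
    """Map service name -> list of reasons it deserves a second look."""
    entries = [e for e in (parse_service_line(l) for l in text.splitlines()) if e]

    # Index image paths so we can spot one file registered under several names.
    names_by_path = defaultdict(set)
    for e in entries:
        names_by_path[e["path"].lower()].add(e["name"])

    findings = {}
    for e in entries:
        reasons = []
        if e["tail"] == "x":
            reasons.append("image file not found at recorded path")
        if not ABSOLUTE_RE.match(e["path"]):
            reasons.append("relative image path")
        if e["path"].lower().endswith(".tmp"):
            reasons.append("driver loaded from a .tmp file")
        if HEX_NAME_RE.match(e["name"]):
            reasons.append("random-looking hex service name")
        others = names_by_path[e["path"].lower()] - {e["name"]}
        if others:
            reasons.append("same image registered under another service: "
                           + ", ".join(sorted(others)))
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_services(SAMPLE_SERVICES).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run it as-is to see the four flagged entries from the sample; to use it on a real log, pass the text between the last Run key block and the "Other Services/Drivers In Memory" header to `triage_services`, since only the `R#/S#` lines are parsed and everything else is ignored.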


#5 yunier2002

yunier2002
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:00 AM

Posted 10 December 2010 - 09:46 PM

ComboFix Log:

ComboFix 10-12-09.02 - Yunier 12/10/2010 9:14.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.5168 [GMT -5:00]
Running from: c:\users\Yunier\Desktop\ComboFix.exe
Command switches used :: c:\users\Yunier\Desktop\CFScript.txt
FW: NCP Secure Client Firewall *disabled* {33F684F9-95EF-4FC3-9196-012CF0A4D310}

FILE ::
"c:\users\Yunier\AppData\Local\Cnonihuvuw.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Yunier\AppData\Local\Cnonihuvuw.bin
c:\users\Yunier\AppData\Local\Temp\jna345234052532028046.tmp
c:\windows\SysWow64\msapps

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINFLDRV
-------\Service_WinFLdrv


((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-10 14:18 . 2010-12-10 14:18 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-10 14:18 . 2010-12-10 14:18 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-12-10 14:18 . 2010-12-10 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 14:18 . 2010-12-10 14:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-12-07 09:57 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3AE0819-0EA0-4992-9226-0A3455F793BE}\mpengine.dll
2010-12-05 22:02 . 2010-12-05 22:02 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 22:02 . 2010-08-02 21:10 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 11:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\2872.tmp
2010-12-05 11:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\9508.tmp
2010-12-04 09:45 . 2010-12-04 10:05 -------- d-----w- c:\users\Yunier\DoctorWeb
2010-12-04 00:24 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\ABFB.tmp
2010-12-04 00:23 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\11CE.tmp
2010-12-04 00:23 . 2010-12-04 00:23 -------- d-----w- c:\program files (x86)\Sophos
2010-12-02 04:34 . 2010-12-02 04:34 -------- d-----w- c:\users\Yunier\AppData\Roaming\Avira
2010-12-02 04:30 . 2010-12-02 04:30 -------- d-----w- c:\programdata\Avira
2010-12-02 04:30 . 2010-12-02 04:30 -------- d-----w- c:\program files (x86)\Avira
2010-12-02 03:16 . 2010-12-02 03:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-12-02 03:16 . 2010-12-02 03:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2010-12-02 03:15 . 2010-12-02 03:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\Realtime Soft
2010-12-02 03:15 . 2010-12-02 09:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent
2010-12-02 02:46 . 2010-12-02 09:29 -------- d-----w- c:\program files (x86)\RK Unhker
2010-12-02 02:42 . 2010-12-02 02:42 -------- d-----w- c:\program files (x86)\trend micro
2010-12-02 02:42 . 2010-12-02 02:42 -------- d-----w- C:\rsit
2010-11-17 03:35 . 2010-11-17 03:35 -------- d-----w- c:\users\Yunier\AppData\Local\TechSmith
2010-11-16 23:48 . 2010-11-16 23:48 -------- d-----w- c:\windows\SysWow64\QuickTime
2010-11-16 23:48 . 2010-11-16 23:48 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2010-11-16 23:47 . 2010-11-16 23:48 -------- d-----w- c:\programdata\TechSmith
2010-11-16 23:47 . 2010-11-16 23:47 -------- d-----w- c:\program files (x86)\TechSmith
2010-11-15 07:39 . 2010-11-15 07:39 -------- d-----w- c:\users\Yunier\AppData\Roaming\ArcticLine
2010-11-15 07:38 . 2010-11-15 07:38 -------- d-----w- c:\program files (x86)\Folder Marker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 00:33 . 2009-09-17 16:41 30528 ----a-w- c:\windows\GVTDrv64.sys
2010-12-11 00:32 . 2009-09-24 01:46 25640 ----a-w- c:\windows\gdrv.sys
2010-10-19 15:41 . 2009-10-02 18:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 05:37 . 2009-09-21 03:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-30 05:37 . 2009-09-21 03:17 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-09-30 05:37 . 2009-09-21 03:17 80768 ----a-w- c:\windows\system32\LMIinit.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-10_00.13.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-20 04:46 . 2010-04-20 04:46 21888 c:\windows\SysWOW64\WinFLdrv.sys
+ 2009-07-11 12:14 . 2010-12-11 00:33 33896 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-16 19:31 . 2010-12-11 00:33 12008 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2455810250-2567454102-710943029-1000_UserData.bin
+ 2009-07-11 12:32 . 2010-12-10 00:20 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-11 12:32 . 2010-12-06 06:23 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-09-16 21:33 . 2010-12-11 00:29 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-16 21:33 . 2010-12-06 06:19 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 21:33 . 2010-12-11 00:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-16 21:33 . 2010-12-06 06:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-11 11:56 . 2010-12-11 00:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-11 11:56 . 2010-12-06 06:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-16 19:32 . 2010-12-10 00:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 19:32 . 2010-12-11 00:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-16 19:32 . 2010-12-10 00:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-16 19:32 . 2010-12-11 00:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-16 19:32 . 2010-12-10 00:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-16 19:32 . 2010-12-11 00:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-16 20:09 . 2010-12-11 00:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-16 20:09 . 2010-12-10 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 20:09 . 2010-12-11 00:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-16 20:09 . 2010-12-10 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-28 07:30 . 2010-12-06 06:23 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
+ 2010-01-28 07:30 . 2010-12-10 00:20 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
- 2010-01-28 07:30 . 2010-12-06 06:23 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
+ 2010-01-28 07:30 . 2010-12-10 00:20 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
+ 2010-01-28 07:30 . 2010-12-10 00:20 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
- 2010-01-28 07:30 . 2010-12-06 06:23 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
- 2010-01-28 07:30 . 2010-12-06 06:23 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
+ 2010-01-28 07:30 . 2010-12-10 00:20 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
+ 2010-09-23 23:27 . 2010-12-10 00:20 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\ARPPRODUCTICON.exe
- 2010-09-23 23:27 . 2010-12-06 06:23 77542 c:\windows\Installer\{8E3DF98E-D719-390B-3367-64C01A3E259F}\ARPPRODUCTICON.exe
+ 2010-04-20 04:46 . 2010-05-25 14:47 6024 c:\windows\SysWOW64\sys_drv_2.dat
+ 2010-12-11 00:29 . 2010-12-11 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-10 00:12 . 2010-12-10 00:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-11 00:29 . 2010-12-11 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-10 00:12 . 2010-12-10 00:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-11 10:00 . 2010-12-10 00:19 691776 c:\windows\system32\perfh009.dat
- 2009-07-11 10:00 . 2010-12-06 08:26 691776 c:\windows\system32\perfh009.dat
+ 2009-07-11 10:00 . 2010-12-10 00:19 130430 c:\windows\system32\perfc009.dat
- 2009-07-11 10:00 . 2010-12-06 08:26 130430 c:\windows\system32\perfc009.dat
+ 2009-07-11 12:32 . 2010-12-10 00:20 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-11 12:32 . 2010-12-06 06:23 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2010-09-23 13:05 . 2010-12-11 00:28 462704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-23 13:05 . 2010-12-10 00:10 462704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-01-14 23:48 . 2010-01-14 23:48 448512 c:\windows\Installer\7d58d.msi
- 2009-07-11 09:57 . 2010-12-09 19:21 9437184 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-11 09:57 . 2010-12-10 08:09 9437184 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-01-14 23:44 . 2010-01-14 23:44 6667264 c:\windows\Installer\7d599.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-09-21 00:25 731280 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-09-21 00:25 731280 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-09-21 00:25 731280 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]
"Google Update"="c:\users\Yunier\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-29 135664]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-28 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-05-08 75048]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"NcpBudgetGui"="c:\program files (x86)\NCP\SecureClient\NcpBudgetGui.exe" [2009-11-05 968192]
"NcpPopup"="c:\program files (x86)\NCP\SecureClient\ncppopup.exe" [2009-08-26 578560]
"NcpMonitor"="c:\program files (x86)\NCP\SecureClient\ncpmon.exe" [2009-11-16 6587904]
"NcpRsuGui"="c:\program files (x86)\NCP\SecureClient\rwsrsu.exe" [2009-10-12 819712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-09-21 913552]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\users\Yunier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Yunier\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-4-1 141488]
UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico [2010-1-24 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"72.35.66.20,255.255.255.255,192.168.0.1,1"=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2872.tmp [2010-05-26 6144]
R3 ncpfilt;NCP Filter;c:\windows\system32\DRIVERS\ncplelhp.sys [2009-10-08 151016]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2009-08-28 21504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-28 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-11 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/11 22:26];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-08 02:05 146928]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-23 212232]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-23 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 ncpclcfg;ncpclcfg;c:\program files (x86)\NCP\SecureClient\ncpclcfg.exe [2008-06-30 86016]
S2 ncprwsnt;ncprwsnt;c:\program files (x86)\NCP\SecureClient\ncprwsnt.exe [2009-10-27 1381384]
S2 NcpSec;NcpSec;c:\program files (x86)\NCP\SecureClient\ncpsec.exe [2008-10-06 32768]
S2 OrbisClient.Services;LabSim Configuration and Security;c:\program files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2008-07-14 12288]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 rwsrsu;rwsrsu;c:\program files (x86)\NCP\SecureClient\rwsrsu.exe [2009-10-12 819712]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-07-13 102400]
S2 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-03-27 65072]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 6228480]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 160256]
S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-02-23 14904]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-12-11 30528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
S3 ncplelhp;NCP Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [2009-10-08 151016]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2010-04-07 446304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-10 233472]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-02 14:03]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-02 14:03]

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2455810250-2567454102-710943029-1000Core.job
- c:\users\Yunier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-29 02:48]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2455810250-2567454102-710943029-1000UA.job
- c:\users\Yunier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-29 02:48]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-09-21 00:13 1112208 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-09-21 00:13 1112208 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-09-21 00:13 1112208 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Yunier\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF20402.cfxxe" [X]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"72.35.66.20,255.255.255.255,192.168.0.1,1"=""
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: {BDC70E9E-13E8-457A-8231-5B1DE1CE75CA} = 4.2.2.5,4.2.2.6
DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} - hxxps://devlabman01/LabManager/ControlPanel/Machines/MachineDetails/ActiveXControls/ViewerXVNC/vmware-mks.cab
FF - ProfilePath - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - component: c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\Veetle\Player\npvlc.dll
FF - plugin: c:\program files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\users\Yunier\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\VMwareMKSPlugin@vmware.com\plugins\npmks.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Yunier\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\es-es@dictionaries.addons.mozilla.org
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\LogMeInClient@logmein.com
FF - Extension: Personas: personas@christopher.beard - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\personas@christopher.beard
FF - Extension: QuickDrag: quickdrag@mozilla.ktechcomputing.com - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\toolbar@ask.com
FF - Extension: VMware Remote MKS Plugin: VMwareMKSPlugin@vmware.com - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\VMwareMKSPlugin@vmware.com
FF - Extension: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\users\Yunier\AppData\Roaming\Mozilla\Firefox\Profiles\c825tz69.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\Yunier\AppData\Roaming\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2872.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\IBM\Lotus\Notes\ntmulti.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\TVersity\Media Server\MediaServer.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Digsby\lib\digsby-app.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2010-12-10 19:37:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 00:37
ComboFix2.txt 2010-12-10 00:18

Pre-Run: 21,927,763,968 bytes free
Post-Run: 21,184,442,368 bytes free

- - End Of File - - 0C94506ACE042E75C1097A3035237F9A





Malwarebytes' Anti-Malware Log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5285

Windows 6.1.7600
Internet Explorer 8.0.7600.16384

12/10/2010 8:32:40 PM
mbam-log-2010-12-10 (20-32-40).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 553026
Time elapsed: 51 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





ESET Online Scanner Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16384 (win7_rtm.090710-1945)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=56f61ce985fded44b612770543aa5b1e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-11 02:41:23
# local_time=2010-12-10 09:41:23 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 0 27621314 87570 0
# compatibility_mode=5893 16776573 100 94 0 43809474 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=378996
# found=1
# cleaned=1
# scan_time=3718
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#6 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:01:00 PM

Posted 11 December 2010 - 02:53 PM

Hi again yunier2002!!.. :)

That looks much better!!.. Does any problem persist??..

I suggest you uninstall Ask Toolbar - it's a questionable product, read here: Products with Ask Toolbar, under Privacy issues...

We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities...
Run Adobe Reader --> Help --> Check for updates - let it update to the newest version - should be 8.2.4 or higher...
I'm not sure if version 8 of Adobe Acrobat Reader is still supported... If no, I suggest upgrading to the newest version...

- Java

Close any open browsers/windows/programs...
Double-click on the file in bold: C:\Program files (x86)\Java\jre6\bin\javacpl.exe --> Open tab: Update --> click Update now

Let me know if it updates Java for you (to the u23 version)...

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

- Mozilla Firefox --> Help --> Check for updates - let it update to the newest version - 3.6.13

Then,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

Edited by snemelk, 11 December 2010 - 02:59 PM.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#7 yunier2002

yunier2002
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:00 AM

Posted 11 December 2010 - 06:10 PM

Hey snemelk, I don't see any more issues now. I have updated all the programs that you mentioned. Thanks! :)

Here's the TDSSKiller log:


2010/12/11 18:08:20.0404 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 18:08:20.0404 ================================================================================
2010/12/11 18:08:20.0404 SystemInfo:
2010/12/11 18:08:20.0404
2010/12/11 18:08:20.0404 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/11 18:08:20.0404 Product type: Workstation
2010/12/11 18:08:20.0404 ComputerName: YUNIERDESKTOP
2010/12/11 18:08:20.0405 UserName: Yunier
2010/12/11 18:08:20.0405 Windows directory: C:\Windows
2010/12/11 18:08:20.0405 System windows directory: C:\Windows
2010/12/11 18:08:20.0405 Running under WOW64
2010/12/11 18:08:20.0405 Processor architecture: Intel x64
2010/12/11 18:08:20.0405 Number of processors: 4
2010/12/11 18:08:20.0405 Page size: 0x1000
2010/12/11 18:08:20.0405 Boot type: Normal boot
2010/12/11 18:08:20.0405 ================================================================================
2010/12/11 18:08:20.0405 Utility is running under WOW64
2010/12/11 18:08:20.0801 Initialize success
2010/12/11 18:08:26.0442 ================================================================================
2010/12/11 18:08:26.0442 Scan started
2010/12/11 18:08:26.0442 Mode: Manual;
2010/12/11 18:08:26.0442 ================================================================================
2010/12/11 18:08:27.0359 1394ohci (1e376f6753e7e64243856b16ae17eb85) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/11 18:08:27.0400 6077757b (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
2010/12/11 18:08:27.0439 ACPI (4f0d19a6dbd0d38c3d62830e60f83618) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/11 18:08:27.0474 AcpiPmi (7f1a74c077d63a152fb15a82b0b40a3c) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/11 18:08:27.0514 adp94xx (ea689145d5f4001c65b6d9c600712c88) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/11 18:08:27.0528 adpahci (448f50f5ca6fbc19e7321de720fba971) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/11 18:08:27.0540 adpu320 (3532a197e85b77fad1bb83ea66d4f160) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/11 18:08:27.0594 AFD (cd51dd04dc7f7e4084eec9b779f8b9b3) C:\Windows\system32\drivers\afd.sys
2010/12/11 18:08:27.0605 agp440 (a782bd7c1d9298ad722d8db9ab7b45ee) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/11 18:08:27.0622 aliide (fc428b0f9a13da906c3e4ca12e95ac44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/11 18:08:27.0642 amdide (e90c17a800f4ec4a275d3d1344cfcd83) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/11 18:08:27.0652 AmdK8 (4013b7652a8f206fa30168ffb8b2c1f2) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/11 18:08:27.0764 amdkmdag (a497ff5ae4d0c93da2cfb98e6a355c1f) C:\Windows\system32\DRIVERS\atipmdag.sys
2010/12/11 18:08:27.0853 amdkmdap (91b89be832d436af257b91666bc32c30) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/12/11 18:08:27.0862 AmdPPM (1c494a17cd9eb78e0c9ba01be9a49e91) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/11 18:08:27.0881 amdsata (14bc6d8b8053ed8abdc22e8ed6401447) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/11 18:08:27.0898 amdsbs (07ef1a60b2e6eeaad4b55c201a0866e9) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/11 18:08:27.0923 amdxata (75798f5c778017e2b4630f14f420fe92) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/11 18:08:27.0980 AnyDVD (7e9b3ae62c0d9cfda16f2d97f939a7b1) C:\Windows\system32\Drivers\AnyDVD.sys
2010/12/11 18:08:28.0060 AODDriver (f160ecce1500a5a5877c123584e86b17) C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys
2010/12/11 18:08:28.0093 AppID (b33271cade5f5cfe82333fa8f22c91b0) C:\Windows\system32\drivers\appid.sys
2010/12/11 18:08:28.0134 arc (a9f320bcf66a44fc0f6eea4222b76260) C:\Windows\system32\DRIVERS\arc.sys
2010/12/11 18:08:28.0143 arcsas (76a1eed639aa1605bc409bf951c2d4a0) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/11 18:08:28.0190 asusgsb (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys
2010/12/11 18:08:28.0200 AsyncMac (6a047e57d06c42302787a8fb861edb4f) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/11 18:08:28.0210 atapi (4ba74dcd20d4650dac539380e07aae13) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/11 18:08:28.0259 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
2010/12/11 18:08:28.0359 atikmdag (a497ff5ae4d0c93da2cfb98e6a355c1f) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/11 18:08:28.0464 atkdisplf (fb4187c282cb467e5e606913a1fa79a3) C:\Windows\system32\drivers\ATKDispLowFilter.sys
2010/12/11 18:08:28.0509 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/12/11 18:08:28.0547 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2010/12/11 18:08:28.0561 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/12/11 18:08:28.0574 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/12/11 18:08:28.0595 Beep (ebcc12e2ae81bb07f9765f062b75c458) C:\Windows\system32\drivers\Beep.sys
2010/12/11 18:08:28.0645 blbdrive (0fecc253f0ab2089cc5a137d18e7181a) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/11 18:08:28.0681 bowser (6ce49a10a9b00fef1c7801c3202b86f4) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/11 18:08:28.0699 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/11 18:08:28.0719 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/11 18:08:28.0756 Bridge (60d8430a72418252f44fead77fa043d1) C:\Windows\system32\DRIVERS\bridge.sys
2010/12/11 18:08:28.0782 BridgeMP (60d8430a72418252f44fead77fa043d1) C:\Windows\system32\DRIVERS\bridge.sys
2010/12/11 18:08:28.0796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/12/11 18:08:28.0806 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/11 18:08:28.0815 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/11 18:08:28.0825 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/11 18:08:28.0835 BTHMODEM (8d2e4c040c4815cd8b0c6dc0cec423f4) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/11 18:08:28.0898 cdfs (7e80862ab2919f3a883352a7f4998948) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/11 18:08:28.0922 cdrom (48f9fe14ca5556a9b31098ff2ddbd97f) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/11 18:08:28.0933 circlass (ece296c6d141efbb75e44c9b30943acf) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/11 18:08:28.0961 CLFS (8fa80c3d8bd3579c8aac0fdb056ca036) C:\Windows\system32\CLFS.sys
2010/12/11 18:08:28.0992 CmBatt (5bc295d096a9c82049b8c4acfd2b8458) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/11 18:08:29.0001 cmdide (7b12f4c228124beacd93efb8d30f49ed) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/11 18:08:29.0025 CNG (93b8564d421aa5a9c0e8aee818ad735c) C:\Windows\system32\Drivers\cng.sys
2010/12/11 18:08:29.0036 Compbatt (39119f559676d7a7236aaca2794f32cf) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/11 18:08:29.0049 CompositeBus (34de275a41c2d768e7f23e22b5662df4) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/11 18:08:29.0089 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
2010/12/11 18:08:29.0105 crcdisk (b99374fbb70e9405fc6193761487882d) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/11 18:08:29.0159 CSC (8b2280d9be4150ad0c20cdd0faddac94) C:\Windows\system32\drivers\csc.sys
2010/12/11 18:08:29.0183 DfsC (b5947ad1c0eee467d24fe0b7f6f048d6) C:\Windows\system32\Drivers\dfsc.sys
2010/12/11 18:08:29.0200 discache (ba70a13b26dc6d75d649578e2bded6e2) C:\Windows\system32\drivers\discache.sys
2010/12/11 18:08:29.0229 Disk (07f799c153f88ab900e2bf2cb22f51c9) C:\Windows\system32\DRIVERS\disk.sys
2010/12/11 18:08:29.0259 DNE (ae30fbab034d5c5dba3b6005af167072) C:\Windows\system32\DRIVERS\dne64x.sys
2010/12/11 18:08:29.0307 drmkaud (78729416f581e5be231bacd16e6c2917) C:\Windows\system32\drivers\drmkaud.sys
2010/12/11 18:08:29.0337 DXGKrnl (57810db6308702ddd8424d71fd3ed3dd) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/11 18:08:29.0406 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/12/11 18:08:29.0479 EIO_XP (bf59ed37f8f555e8ce35d62de9794cac) C:\Windows\system32\drivers\EIO64_XP.sys
2010/12/11 18:08:29.0543 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/11 18:08:29.0585 elxstor (56de962bded69791b68cc24795645e3a) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/11 18:08:29.0600 ErrDev (9c3441c00b5b3f26a64da9854ec42d6f) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/11 18:08:29.0624 exfat (336b53749981ec013a1b9cc9cf8e9542) C:\Windows\system32\drivers\exfat.sys
2010/12/11 18:08:29.0648 fastfat (96ea5c794f81c4661d140c4bbd1baedb) C:\Windows\system32\drivers\fastfat.sys
2010/12/11 18:08:29.0685 fdc (06acab71f42dd4151baabd5e8d7e8df8) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/11 18:08:29.0705 FileInfo (293f787974da07ed384e20a7d2367049) C:\Windows\system32\drivers\fileinfo.sys
2010/12/11 18:08:29.0718 Filetrace (699e849445c4c773240cf34adefa9dd1) C:\Windows\system32\drivers\filetrace.sys
2010/12/11 18:08:29.0753 flpydisk (61eeeddc3ca37f0226bf3b359a7d23fd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/11 18:08:29.0789 FltMgr (a0818ba531ed632a3d5b2254bce78f94) C:\Windows\system32\drivers\fltmgr.sys
2010/12/11 18:08:29.0832 FsDepends (58a260587a8c4847c4091cdf7b72ec65) C:\Windows\system32\drivers\FsDepends.sys
2010/12/11 18:08:29.0846 Fs_Rec (1a15c1a51af514e366bfca5bee6eb30b) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/11 18:08:29.0886 fvevol (959407180510c1ad57feb51cd834a29f) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/11 18:08:29.0896 gagp30kx (9f67cf08f0f72caef21d276c134151aa) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/11 18:08:29.0929 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2010/12/11 18:08:29.0968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/11 18:08:29.0985 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
2010/12/11 18:08:30.0022 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
2010/12/11 18:08:30.0052 hcmon (09857a166b91cfece8cf48aea8c5cb0d) C:\Windows\system32\drivers\hcmon.sys
2010/12/11 18:08:30.0061 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/11 18:08:30.0094 HdAudAddService (70cb6e9c1e534b1954cc9f70b2568926) C:\Windows\system32\drivers\HdAudio.sys
2010/12/11 18:08:30.0135 HDAudBus (a3af1bd3e88478aad4ad4b016b13fc7e) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/11 18:08:30.0144 HidBatt (02457c510e1dfca962e1f23c3a125b13) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/11 18:08:30.0154 HidBth (42c680724459633442866c5194587188) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/11 18:08:30.0164 HidIr (22f342e63d10e8a2d612a963b197d73f) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/11 18:08:30.0221 HidUsb (7371b8317828c5669fa8631433d69396) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/11 18:08:30.0250 HpSAMD (b242f83c5b077df072bcd5f675738e0c) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/11 18:08:30.0317 HTTP (60ef5df369617f8b6e9b747bcccab876) C:\Windows\system32\drivers\HTTP.sys
2010/12/11 18:08:30.0336 hwpolicy (afdbfc5ed095dd879dbc41692be2e17e) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/11 18:08:30.0385 i8042prt (e4b8ae64a2a11bb70870fd6314192704) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/11 18:08:30.0409 iaStorV (41fc268fa7679dd0e5734c68626a9992) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/11 18:08:30.0452 iirsp (95cd216e2e2f87cf30c141c86cf69682) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/11 18:08:30.0490 intelide (bd9418980ac55af7460c7684a736887e) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/11 18:08:30.0512 intelppm (7a740ef344ca785f5c53b70601705284) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/11 18:08:30.0522 IpFilterDriver (01413847cc500fbaaefc0c6e58dfaed2) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/11 18:08:30.0534 IPMIDRV (84cd3c2b140a2471aa60b84f3cb9302f) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/11 18:08:30.0552 IPNAT (45b1d5b34d2232a6765190e3ea254956) C:\Windows\system32\drivers\ipnat.sys
2010/12/11 18:08:30.0590 IRENUM (95557ef5bd0fbc4cf396d1e058b372fc) C:\Windows\system32\drivers\irenum.sys
2010/12/11 18:08:30.0598 isapnp (5a8ce8a16e291697b1049682b1ae6ed4) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/11 18:08:30.0616 iScsiPrt (91bd84fc40a9b601f93d443c9d4b7fc3) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/11 18:08:30.0661 JRAID (6ebe4832b1a7c063fdf87035afc1e3dc) C:\Windows\system32\DRIVERS\jraid.sys
2010/12/11 18:08:30.0689 kbdclass (ea7b746c3d58efdd632979532dae20bc) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/11 18:08:30.0704 kbdhid (7d14f22e92ffe1a8990f8975eea881fd) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/11 18:08:30.0726 KSecDD (8f7e70a8b621b5f0c718b5cdaa5409b5) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/11 18:08:30.0743 KSecPkg (78920006d19ae41eb4c64a36b955d09d) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/11 18:08:30.0759 ksthunk (10d45c0299a5097e1885073c7f189936) C:\Windows\system32\drivers\ksthunk.sys
2010/12/11 18:08:30.0801 lltdio (a12cb51ac7d17fe024bf2165c912d08a) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/11 18:08:30.0942 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
2010/12/11 18:08:30.0973 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
2010/12/11 18:08:31.0036 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
2010/12/11 18:08:31.0063 LSI_FC (966776a9ee29467b5e564a05cb1d662e) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/11 18:08:31.0072 LSI_SAS (fe038900faebdfbd84e471cbc7428a72) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/11 18:08:31.0081 LSI_SAS2 (f5153754bed2d104c6075070c6c4a6ab) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/11 18:08:31.0107 LSI_SCSI (34b976d63115976d701f963077a7beee) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/11 18:08:31.0131 luafv (0440f5f7677e2f638102342a4b936288) C:\Windows\system32\drivers\luafv.sys
2010/12/11 18:08:31.0181 MBAMProtector (e330051cce41eb4522e5dcebc15adcea) C:\Windows\system32\drivers\mbam.sys
2010/12/11 18:08:31.0203 megasas (8dc3d7e7e223c6aea46a5e7e1c3ff000) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/11 18:08:31.0214 MegaSR (6a028534847a190dcdf1035c7c059ad7) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/11 18:08:31.0249 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\2872.tmp
2010/12/11 18:08:31.0259 Modem (f5e106b5d3ca1277235c348a04b3edf7) C:\Windows\system32\drivers\modem.sys
2010/12/11 18:08:31.0278 monitor (d76c64aec54663e4b75accdfef1f9892) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/11 18:08:31.0288 mouclass (0f51c6a2bf132a998477c8fe946af6a8) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/11 18:08:31.0305 mouhid (6acdc21895d9e1d9a806f7b88db8aef3) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/11 18:08:31.0322 mountmgr (6ab5231f557e460168d0f84470f93d00) C:\Windows\system32\drivers\mountmgr.sys
2010/12/11 18:08:31.0332 mpio (62c9f982922b1463abc18a582f692b40) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/11 18:08:31.0347 mpsdrv (3cc349943671eb34850c01a9289465eb) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/11 18:08:31.0368 MRxDAV (c6a93803442065b1f968d84b17fe5249) C:\Windows\system32\drivers\mrxdav.sys
2010/12/11 18:08:31.0391 mrxsmb (8ff38ee66a40effd4d9990f683e06482) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/11 18:08:31.0409 mrxsmb10 (20214b245a3aa91eb897259b8c4c56a4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/11 18:08:31.0425 mrxsmb20 (95be2af3d415ac9f80053683e2f31ac9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/11 18:08:31.0434 msahci (1268c020343a3362035143740c11a40f) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/11 18:08:31.0444 msdsm (b4f139c1057485de8e74e111d8381fa5) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/11 18:08:31.0460 Msfs (1e51dfc76249c99a780c29429fbaa705) C:\Windows\system32\drivers\Msfs.sys
2010/12/11 18:08:31.0477 mshidkmdf (b07828fb18b897b70f025b7d3a8fa62e) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/11 18:08:31.0485 msisadrv (0477eddcee6b2d337147707c9d1832ab) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/11 18:08:31.0525 MSKSSRV (88d4fde09da91d40471fc55ea8772651) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/11 18:08:31.0557 MSPCLOCK (8bb6a3b20e3f0afa4ae310dd4c9bd2c9) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/11 18:08:31.0570 MSPQM (63ab1056d93ebf099c85c83ef0513be4) C:\Windows\system32\drivers\MSPQM.sys
2010/12/11 18:08:31.0587 MsRPC (b07663beded69462b4de5da110ef2c7c) C:\Windows\system32\drivers\MsRPC.sys
2010/12/11 18:08:31.0600 mssmbios (ab6ab8eebce1b31ff3547c2f1423e8fd) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/11 18:08:31.0614 MSTEE (ac7ac41b908de49bb9ba689b5f126d58) C:\Windows\system32\drivers\MSTEE.sys
2010/12/11 18:08:31.0633 MTConfig (59982fbf933cd515a23d083c235c7ecb) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/11 18:08:31.0687 Mup (ee02ee4a1f432e91f42988359bb20ed3) C:\Windows\system32\Drivers\mup.sys
2010/12/11 18:08:31.0735 NativeWifiP (1b94907e08c0d4c49861aeca231f01d1) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/11 18:08:31.0796 ncpfilt (74c4ac4e3424862a8149dd1e788abc89) C:\Windows\system32\DRIVERS\ncplelhp.sys
2010/12/11 18:08:31.0803 ncplelhp (74c4ac4e3424862a8149dd1e788abc89) C:\Windows\system32\DRIVERS\ncplelhp.sys
2010/12/11 18:08:31.0872 NDIS (9b3e44fe3a79a34e4892548403156ae2) C:\Windows\system32\drivers\ndis.sys
2010/12/11 18:08:31.0897 NdisCap (6e628efbbe661bf085da57b8085a6c71) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/11 18:08:31.0947 NdisTapi (84d43ba72c1643ee78151caba98009d6) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/11 18:08:31.0966 Ndisuio (d56f1ef2719df7c784fe4a93378c0ad8) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/11 18:08:31.0978 NdisWan (c6d68270cb6bdc19edc164541a210131) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/11 18:08:31.0997 NDProxy (93c8302053a9777230993c75b93d125e) C:\Windows\system32\drivers\NDProxy.sys
2010/12/11 18:08:32.0031 Netaapl (fe2c3783b211484022702c052b03cee0) C:\Windows\system32\DRIVERS\netaapl64.sys
2010/12/11 18:08:32.0065 NetBIOS (048e002a4a3fff0dded474119b899251) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/11 18:08:32.0098 NetBT (f804ae12da984ab10e011ec387f20e48) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/11 18:08:32.0140 nfrd960 (a004846f93f5fb698641f0be9f4fea76) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/11 18:08:32.0164 Npfs (741ac9c1e1cd97c1e1185a3f6964c56f) C:\Windows\system32\drivers\Npfs.sys
2010/12/11 18:08:32.0182 nsiproxy (99f195cf8fc487b8a8ed075c6182fb96) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/11 18:08:32.0216 Ntfs (654b08134ef35f54112e244bd9f5ce22) C:\Windows\system32\drivers\Ntfs.sys
2010/12/11 18:08:32.0243 Null (365cfee666eca31685e340ae0ad8e97d) C:\Windows\system32\drivers\Null.sys
2010/12/11 18:08:32.0421 nvraid (4f326fc2ea5f22063fadce617701dbad) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/11 18:08:32.0461 nvstor (519d057f33b5316e25e15ff00c1f63f9) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/11 18:08:32.0471 nv_agp (e99c115f77d15a1c91a7459994b70927) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/11 18:08:32.0485 ohci1394 (25bf5037e471663a17600c340e15003b) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/11 18:08:32.0532 Parport (39a5340363737d70a9fc6cd09ff0d2e8) C:\Windows\system32\DRIVERS\parport.sys
2010/12/11 18:08:32.0551 partmgr (59a2e6d968c48f235481d1716ed89e96) C:\Windows\system32\drivers\partmgr.sys
2010/12/11 18:08:32.0568 pci (a2a4604160ab8573ed3e31e0e29bb426) C:\Windows\system32\DRIVERS\pci.sys
2010/12/11 18:08:32.0586 pciide (e1368aad37fd5673f51667c0be9356ef) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/11 18:08:32.0596 pcmcia (1bae2e6e516fe5d83c27c94727837410) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/11 18:08:32.0636 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/11 18:08:32.0649 pcw (f071dd2488d5bf0dd0f27c6a0f3b4e8c) C:\Windows\system32\drivers\pcw.sys
2010/12/11 18:08:32.0675 PEAUTH (6af371b20989dd5304d297ab4990c4e4) C:\Windows\system32\drivers\peauth.sys
2010/12/11 18:08:32.0762 PptpMiniport (e2a6ff9989c01a4631d901df67d14343) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/11 18:08:32.0785 Processor (9cc21fc0464482b531e1c65d3781410b) C:\Windows\system32\DRIVERS\processr.sys
2010/12/11 18:08:32.0828 Psched (9966e75ce497ea811db196d6eb883f7d) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/11 18:08:32.0890 ql2300 (ab2eeaa51634ac0a7f4da3131b9e629d) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/11 18:08:32.0917 ql40xx (d4d03c77a412d49341f10d1e8218b44f) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/11 18:08:32.0942 QWAVEdrv (c127d55d657f5265b21a4926a6ed9d31) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/11 18:08:32.0963 RasAcd (1b07b4958eb78e134b15d9831f3b7bf0) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/11 18:08:32.0992 RasAgileVpn (c6dc3110bd836ca60bbd23831fa0190e) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/11 18:08:33.0008 Rasl2tp (d856cff2edd7aa0c9b304edc25a3a958) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/11 18:08:33.0070 RasPppoe (e315fa16126fe75e0f9a5c82a84f7eab) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/11 18:08:33.0106 RasSstp (7d1f7c65a7f078ee9cbae0e86a8e250d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/11 18:08:33.0127 rdbss (663b29690d26ac356c76d5a4b169e5e0) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/11 18:08:33.0143 rdpbus (6c878559cff2718c8d9f04bca65bd7fd) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/11 18:08:33.0160 RDPCDD (c3dac2b810d4ff6c5a3a6988ef50b8fe) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/11 18:08:33.0186 RDPDR (0094130825539e20fb09bbad05f29306) C:\Windows\system32\drivers\rdpdr.sys
2010/12/11 18:08:33.0229 RDPENCDD (33b6fad789c72e44dd727ee1f7da3152) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/11 18:08:33.0244 RDPREFMP (84f79317802fa250e26a9cb71b55a703) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/11 18:08:33.0262 RDPWD (0067af18db755524d264c61ebffeb697) C:\Windows\system32\drivers\RDPWD.sys
2010/12/11 18:08:33.0277 rdyboost (580c5623f054323cec0405bf03ba70ec) C:\Windows\system32\drivers\rdyboost.sys
2010/12/11 18:08:33.0317 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
2010/12/11 18:08:33.0373 rspndr (48443cb98ec09d0cad0ff22a41ddaad7) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/11 18:08:33.0425 RT61 (c74c2f326452a052141a6414f92ff099) C:\Windows\system32\DRIVERS\RT61.sys
2010/12/11 18:08:33.0475 rt61x64 (60eb8a87357ca5b088b422d1e55a2405) C:\Windows\system32\DRIVERS\netr6164.sys
2010/12/11 18:08:33.0523 RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
2010/12/11 18:08:33.0569 RTL8167 (e843fdfa8bdd37d271fcdb764c72d054) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/12/11 18:08:33.0605 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
2010/12/11 18:08:33.0629 s3cap (1a7ab3ab88fe1f7bdffaee0ddb80afb7) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/11 18:08:33.0678 sbp2port (b66c9624cf082252f5b85d5f8a2bbecf) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/11 18:08:33.0721 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
2010/12/11 18:08:33.0735 scfilter (3f96080c31f131c46ac83ded90c9900d) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/11 18:08:33.0772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/12/11 18:08:33.0790 Serenum (774e19827074c0f163a90b002defb2b9) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/11 18:08:33.0805 Serial (3f74c24e36f0d8470aaa3a3a93e67fd3) C:\Windows\system32\DRIVERS\serial.sys
2010/12/11 18:08:33.0825 sermouse (0e80103632640a65b048b2f4841145f8) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/11 18:08:33.0853 sffdisk (69c1d5d7d32fb0d8e6016edb91c5bcbe) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/11 18:08:33.0869 sffp_mmc (4bc154f1303982f52a5b04f38c0f4ae6) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/11 18:08:33.0883 sffp_sd (7a7dc806df7ec7aa7449d2ba1fa647e0) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/11 18:08:33.0897 sfloppy (975ecab216a0661374951aaa8c8463a7) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/11 18:08:33.0940 SiSRaid2 (2a2b32701a148c5625c8aa792795c228) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/11 18:08:33.0949 SiSRaid4 (ccfba44ada39ae224f6d7970b024454d) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/11 18:08:33.0981 Smb (bdfb8997dc01b06e29614ba547149bd9) C:\Windows\system32\DRIVERS\smb.sys
2010/12/11 18:08:34.0013 spldr (87367c97f5fd0f6d70308b44c642523a) C:\Windows\system32\drivers\spldr.sys
2010/12/11 18:08:34.0035 srv (6d7df7ec6845c1281c543e93857ffb13) C:\Windows\system32\DRIVERS\srv.sys
2010/12/11 18:08:34.0055 srv2 (b4760a37ab110673fdbb6efe22139c85) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/11 18:08:34.0076 srvnet (dafb965b3a26ac2fefbb5cff6cd75463) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/11 18:08:34.0099 stexstor (596017866a96ef2db3002b4539d2a992) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/11 18:08:34.0142 storflt (f126def676baef77f06274f0745b9409) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/11 18:08:34.0157 storvsc (4f7ebf0fe3d5bb855ad42100bfbdce49) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/11 18:08:34.0189 swenum (dd1ff8f3c7b0aae6f9773b37c4fefe3f) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/11 18:08:34.0233 Tcpip (04c0952f5748ef56c05096392b0fda27) C:\Windows\system32\drivers\tcpip.sys
2010/12/11 18:08:34.0284 TCPIP6 (04c0952f5748ef56c05096392b0fda27) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/11 18:08:34.0310 tcpipreg (e97c1eb4fefcf9b600467e9e93c77559) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/11 18:08:34.0330 TDPIPE (c023e70850786ec060bf3d8a97ceac91) C:\Windows\system32\drivers\tdpipe.sys
2010/12/11 18:08:34.0347 TDTCP (d337ddb3e7b2bbfd2ffdca0383190b9e) C:\Windows\system32\drivers\tdtcp.sys
2010/12/11 18:08:34.0366 tdx (2f8705a821966976435311879a136fb4) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/11 18:08:34.0406 TermDD (10a280167f987fbaf0a2a5a802c22e1d) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/11 18:08:34.0429 tssecsrv (56961dc24bf88ff7b75436273f1c0411) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/11 18:08:34.0476 tunnel (4f75c4bcf4eb1812ebf69678b1e8866a) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/11 18:08:34.0527 uagp35 (f7cc38c4dbbd424cb9872dfcc358b61f) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/11 18:08:34.0549 udfs (32c707be3869e08e658b22fff8d82857) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/11 18:08:34.0595 uliagpkx (68bb10760bc5f8d8e600e3478c666b68) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/11 18:08:34.0661 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
2010/12/11 18:08:34.0677 umbus (887093fc0bd55b05e4b11be614e9990b) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/11 18:08:34.0703 UmPass (453a1d3731f0a911620ad03570168963) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/11 18:08:34.0736 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/12/11 18:08:34.0759 usbccgp (ee733bf3970999262d97a1ea8bf90706) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/11 18:08:34.0781 usbcir (36ccf2e42d9092e2ca731f2efa38db0d) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/11 18:08:34.0802 usbehci (6f777ec4deddbbe4c6a036ad43adf4b6) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/11 18:08:34.0826 usbhub (1cd763ba907f39a2a7b8e1fb5498b6c8) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/11 18:08:34.0846 usbohci (0106ad7e43eb17f6c8358666274306a3) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/11 18:08:34.0860 usbprint (d565ecfaffd89c10f1c26f257a8be872) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/11 18:08:34.0882 USBSTOR (51317b0ed8006522f854f21732e13745) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/11 18:08:34.0893 usbuhci (a0ff08be34ab81684d58a18c55d6e6aa) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/11 18:08:34.0908 vdrvroot (34b8a41097a621e8ea9daf9e51faef3d) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/11 18:08:34.0932 vga (48a4d916226adca237d657051fc5b577) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/11 18:08:34.0953 VgaSave (06df55c26c2cda4803d6f309412ccd7a) C:\Windows\System32\drivers\vga.sys
2010/12/11 18:08:34.0972 vhdmp (446d2a106589cbe62afbce52b43c0d9c) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/11 18:08:34.0994 viaide (5dcaaf1eebdb393169d21722a567a46b) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/11 18:08:35.0046 vmbus (57aea629b474cedf90a40c04d2f48374) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/11 18:08:35.0056 VMBusHID (c9371b1c8e8d6138e986f64b39f6fbfd) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/11 18:08:35.0088 vmci (a198cf174f18121937a516262891b973) C:\Windows\system32\drivers\vmci.sys
2010/12/11 18:08:35.0119 vmkbd (0dd46b753f373a9b47a16dcdd59eab01) C:\Windows\system32\drivers\VMkbd.sys
2010/12/11 18:08:35.0138 VMnetAdapter (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2010/12/11 18:08:35.0147 VMnetBridge (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2010/12/11 18:08:35.0168 VMnetuserif (e3674d60af15a098e0e8e29eb6c38f68) C:\Windows\system32\drivers\vmnetuserif.sys
2010/12/11 18:08:35.0182 VMparport (fadfca7f531d1b83ff3f71a2369e0ce9) C:\Windows\system32\drivers\VMparport.sys
2010/12/11 18:08:35.0218 vmx86 (097759e41744c33970f3c58e0d9c284e) C:\Windows\system32\drivers\vmx86.sys
2010/12/11 18:08:35.0237 volmgr (eee870008ed4abafd65fec11319b95a5) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/11 18:08:35.0259 volmgrx (72dd606c80657f6fcba5479587506577) C:\Windows\system32\drivers\volmgrx.sys
2010/12/11 18:08:35.0279 volsnap (31cec7e23abdbf3f56311f723f3eb56f) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/11 18:08:35.0320 vsmraid (32ee7a979bc7b7265e801696a83dce42) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/11 18:08:35.0407 vstor2-ws60 (4eeb681f3dee918742b39704649cc861) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2010/12/11 18:08:35.0416 vwifibus (b94ed67df196e0ae23f12a5b38646115) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/11 18:08:35.0447 vwififlt (f25b5058dfa8eb45dc3c6d30ae605f11) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/11 18:08:35.0474 WacomPen (d33f37733f36e6cab793303150f00ce0) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/11 18:08:35.0511 WANARP (0b5d97c2a1a2995b1f719551e9ce88d5) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/11 18:08:35.0528 Wanarpv6 (0b5d97c2a1a2995b1f719551e9ce88d5) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/11 18:08:35.0579 Wd (53d1f658447eac0311b487b100aa8534) C:\Windows\system32\DRIVERS\wd.sys
2010/12/11 18:08:35.0607 Wdf01000 (bef179467244e10d66d863675e6e6c4f) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/11 18:08:35.0660 WfpLwf (e4b723325fc9004aebbf383f3f35dd38) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/11 18:08:35.0682 WIMMount (7e6d9c6c3eaf92dd176dbce8d31900c4) C:\Windows\system32\drivers\wimmount.sys
2010/12/11 18:08:35.0751 WinUsb (1b4a8fbe4f17e6605f41287b303c00e3) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/11 18:08:35.0784 WmiAcpi (088a1f1bcd82721b50c1a82b3722cc44) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/11 18:08:35.0825 ws2ifsl (62aae4d5c99cf73643fc981eb0098bbf) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/11 18:08:35.0846 WudfPf (85d2d1e5e2c79001dbe5a982514694ce) C:\Windows\system32\drivers\WudfPf.sys
2010/12/11 18:08:35.0860 WUDFRd (3509c291b3f1207a90eab469870b376a) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/11 18:08:35.0966 {B154377D-700F-42cc-9474-23858FBDF4BD} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
2010/12/11 18:08:36.0013 ================================================================================
2010/12/11 18:08:36.0013 Scan finished
2010/12/11 18:08:36.0013 ================================================================================

#8 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:01:00 PM

Posted 11 December 2010 - 06:21 PM

Hi yunier2002!!.. :)

Hey snemelk, I don't see any more issues now. I have updated all the programs that you mentioned. Thanks! :)

Glad to see everything works well now!!.. :thumbup2:

Some final steps to perform:

Firstly,
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:

Also, I recommend you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
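The restore-point part of the procedure above (turn on System Protection, create a fresh restore point, then drop every older one), as an added PowerShell example that is not part of snemelk's post or of any tool the thread uses. It assumes an elevated PowerShell prompt on Windows 7 or later and that the system drive is C:; both are assumptions, not facts from the thread.

```powershell
# Added example (not from the thread): the GUI restore-point steps above, done from
# an elevated PowerShell prompt. Assumed: Windows 7 or later, PowerShell 2.0 or later,
# running as Administrator.
$systemDrive = 'C:\'   # assumption: the system drive is C:

# 1. Make sure System Protection is enabled for the system drive
#    (the "On under Protection" check in the System Protection dialog).
Enable-ComputerRestore -Drive $systemDrive

# 2. Create the fresh restore point that we want to keep.
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType 'MODIFY_SETTINGS'

# 3. Restore points are stored as Volume Shadow Copies; collect the shadow copies
#    that belong to the system volume, oldest first.
$volumeId = (Get-WmiObject -Class Win32_Volume |
             Where-Object { $_.DriveLetter -eq $systemDrive.TrimEnd('\') }).DeviceID
$shadows = @(Get-WmiObject -Class Win32_ShadowCopy |
             Where-Object { $_.VolumeName -eq $volumeId } |
             Sort-Object { $_.ConvertToDateTime($_.InstallDate) })

# 4. Delete every shadow copy except the newest one, which is what the
#    "Clean up" button under Disk Cleanup > More Options > System Restore does.
if ($shadows.Count -gt 1) {
    $shadows[0..($shadows.Count - 2)] | ForEach-Object {
        Write-Host ("Deleting shadow copy {0} created {1}" -f $_.ID, $_.ConvertToDateTime($_.InstallDate))
        [void]$_.Delete()
    }
}

# 5. Confirm that only the new restore point remains.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Two caveats worth knowing before running it: on Windows 8 and later Checkpoint-Computer creates at most one restore point per 24 hours and silently skips the request otherwise, so check the listing in step 5 before deleting anything; and because restore points and "Previous Versions" of files share the same shadow copies, step 4 also removes the file history on that volume, exactly as the Disk Cleanup button does.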


#9 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:01:00 PM

Posted 26 December 2010 - 10:22 AM

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
